Enable Office 365 Audit Log Recording


In Cloud era where companies are leveraging SaaS offerings for their core business services and leveraging Cloud technologies to serve their end customers. Having an audit system is of high importance to any company because it helps to pursue and obtain various corporate controls and fulfill business requirements of controls and compliance. Every Business process need different type of control (Internal or External) to help facilitate monitoring of irregular activities to ensure security of the infrastructure.

Microsoft has significantly invested in Office 365 auditing and reporting capabilities to help organization leverage best in class SaaS solution for core business applications while gaining the control of user activities. Being and administrators of the organization, you can take advantage of new enhanced capabilities available in Microsoft Security and Compliance Center that helps you monitor granular level of user activities. For Example, Activity reports that show file and folder actions taken by users in a given date range.

Enable Office 365 Audit Log Recording

Below are the steps to be performed by security administrator in Office 365 to enable office 365 audit log recording for proactive monitoring and alerting.

  • Login to Office 365 Security and Compliance Center with admin privileges.
  • In the Security & Compliance Center, go to Search & investigation > Audit log search.


Enable Office 365 Audit Log Recording

  • Click Start recording user and admin activities.

Enable Office 365 Audit Log Recording

  • A dialog box will be displayed saying that “user and admin activity in your organization will be recorded to the Office 365 audit log” and available to view in a report.
  • Click Turn on.

A message is displayed that says the audit log is being prepared and that you can run a search in a couple of hours after the preparation is complete. This step will complete the ennoblement of your audit log search in Office 365 to help you facilitate your audit requirements.

Office 365 audit log recording can be enabled leveraging PowerShell.

C:\> Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true


Office 365 audit capabilities help security analyst within the organization to proactively monitor and manage admin and user activities to help meet compliance and legal requirements. It’s highly recommended to enable Office 365 audit log recording for admin and user activities in Office 365 and configure reporting capabilities based on your business and security needs to ensure compliance.

Also published on Medium.