After an organization has deployed Office 365, the companies’ administrator roles will be changed. Each company needs an administrator, who is responsible to track, what the company users are doing with E-Mails, Documents, SharePoint etc. for the various security and compliance reason of the organization.
In the Office 365 admin center Microsoft has given us a feature, to be able to enable the audit logging for these tasks. Like always in this kind of topics, we can find this by Security & Compliance center.
If we browse in the Office 365 admin center to the security & compliance center, your browser will open a new TAB or windows with the security & compliance portal. Here you can find in the right menu the Widget Search for activity.
Note: if you cannot find it, go to the left corner on top and click on Customize:
After that on Add widget and take the right one to your home screen. Save it and continue with the next steps.
After we have started the recording, the security & compliance center will open a Start recording user and admin activities box. Now we continue with pushing Turn on.
At this moment, we need to keep in our minds, that after starting this feature, we need to wait around 24 hours until it is fully provisioned. Knowing this I highly recommend, to start with the audit reporting/audit processing after the feature is provisioned. To know the exact moment when the feature is active we can see it on our Security and Compliance Dashboard:
After some time we can browse in our Security and Compliance center to Search & investigation and then to Audit log search
If you follow up this step too early, you will receive the following information:
After the successful provisioning, we will get the results and we are able to start to report our audits.
To get more information about the audit log search and the searching results, I can recommend you the link HERE to follow up the Microsoft article on the official Microsoft page.