Remote Support
Client Login
Remote Support
Client Login

Know what happens with your online data

Most businesses only realise they need SharePoint auditing after a problem occurs—like missing data or security concerns. But by then, it’s too late to track what’s already happened. If your auditing isn’t enabled beforehand, you won’t have the data you need. Let’s look at what SharePoint auditing can (and can’t) do, and how to set it up before you actually need it.

What Can SharePoint Auditing Do Out of the Box?

SharePoint comes with basic auditing features that allow you to track key activities within your site collections. These include:

  • Document access (when a user views or downloads a file).
  • Changes to documents, lists, and libraries (who edited or deleted what).
  • Permissions changes (who gave or revoked access to files or sites).

These actions are essential for tracking general user activity and security compliance within your SharePoint environment.

What SharePoint Auditing Can't Do by Default

While SharePoint auditing can track important actions, it doesn’t log everything automatically, and certain activities are outside its native scope:

  • Copying or moving files won’t be captured.
  • Viewing a document without downloading it may go untracked.
  • Failed login attempts or other unauthorised access attempts won’t be logged.

Additionally, SharePoint doesn’t track actions retroactively. If you haven’t turned on auditing ahead of time, there’s no way to retrieve past data. Any actions taken before auditing is configured simply won’t be captured.

How to Set Up SharePoint Auditing Correctly

To fully leverage SharePoint auditing, it’s crucial to enable and configure it proactively. Here’s what needs to be discussed and configured with your IT partner:

  • Enable auditing features in the SharePoint Admin Center for your specific site collections or libraries.
  • Configure which actions you want to audit (e.g., edits, deletions, or changes to permissions). Without specifying these actions, you risk missing critical activity.
  • Set audit log retention policies to control how long the data is stored. By default, audit logs may only be kept for 30 days, but you can extend this period to fit your organisational needs.

Reminder: Auditing only starts once it’s configured. There’s no way to recover data from before auditing was turned on, so it’s important to enable it long before you suspect a problem.

Common Use Cases for SharePoint Auditing

When correctly set up, SharePoint auditing can provide critical insights into user behaviour and content management. Common examples include:

    • Tracking who accessed confidential documents. This is essential for monitoring sensitive information or dealing with potential data breaches.
    • Monitoring changes in permissions to ensure access is tightly controlled and only given to the right individuals.
    • Investigating file deletions by knowing who deleted specific documents, and when, allowing you to address potential loss of important information.
    • Verifying compliance with industry regulations, such as GDPR or HIPAA, by ensuring that sensitive data is properly accessed and managed.

Why You Can’t Rely on SharePoint Auditing Alone

While SharePoint auditing provides a valuable starting point for tracking activity, it has several limitations:

  • No real-time alerts: If an unauthorised user accesses a document, SharePoint won’t notify you in real time. It’s purely retrospective.
  • Limited activity tracking: Key actions, like copying files or moving them to different folders, aren’t logged.
  • Retention challenges: By default, logs are only stored for a short time. If you need to keep audit data longer for compliance purposes, you must configure this manually.
  • No built-in analysis tools: SharePoint collects data, but it’s up to you to export and analyse that information using tools like Excel or Power BI.

These gaps can be significant depending on your business’s security needs or regulatory obligations.

What Happens If You Don’t Enable Auditing?

Without proper auditing, your organisation could be left vulnerable in critical situations. Imagine the following scenarios:

  • A key document goes missing, and you need to know who last accessed it. Without auditing, you can’t track who viewed or deleted it, leaving you without answers.
  • Sensitive information is shared outside your team, and there’s no way to trace how or when permissions were changed.
  • In the event of a security breach, you need to verify who accessed certain files—but with incomplete audit logs, you’re missing crucial evidence for your investigation.

These are real-world risks that organisations face when auditing isn’t turned on in advance.

For More Advanced Needs, Consider Third-Party Tools

While SharePoint’s native auditing is useful, some organisations require more robust solutions, such as:

  • Real-time alerts when suspicious activity occurs, like unauthorised access or data transfers.
  • More detailed tracking for compliance, such as full user behaviour analytics or longer retention periods.

Third-party tools can bridge these gaps, offering enhanced monitoring, custom reports, and real-time alerts, so your organisation can respond quickly and effectively.

We can help

SharePoint auditing offers valuable features for monitoring user activity, but it must be set up in advance and configured properly to deliver the insights you need. Without proactive auditing, businesses may find themselves unable to track down critical actions or respond effectively to security issues.

Don’t wait until it’s too late. Get Optimus involved and ensure your SharePoint auditing is set up correctly before you need it. Our team can help you configure the right audit settings for your business, so you’re always ready to track, monitor, and secure your data.

Talk to our team about your needs

Get the latest insights to your inbox

+64 9 359 9339

+61 3 9131 9792

[email protected]

SERVICES

Strategy

Cybersecurity

Infrastructure

Support

Resources

Case studies

Insights

Strategy review

COMPANY

About us

Our team

Our values

CONTACT

Get in touch

Schedule a call

Find a local office

[email protected]

+64 9 359 9339

+61 3 9131 9792

Copyright © 2024 Optimus Systems Limited. All Rights Reserved.

Privacy Policy

Company Terms