Audit logs in SharePoint Online are crucial for tracking user activities and ensuring compliance with various regulations. They provide detailed records of actions performed within your SharePoint environment. These logs are part of the larger Office 365 or Microsoft 365 audit logging capabilities and are accessible through the Microsoft 365 compliance center, rather than the SharePoint Online Admin Center itself.

How to Access Audit Logs

• To access audit logs, you need to be assigned compliance or audit permissions. Typically, roles such as Global Administrator, Compliance Administrator, or Audit Logs role in the Microsoft 365 compliance center can access these logs.
• Go to the Microsoft 365 compliance center by navigating to https://compliance.microsoft.com.
• Sign in with your admin account.
• Once in the compliance center, go to Audit (you might find it under Solutions or directly on the homepage depending on updates and settings).
  
• If it’s your first time accessing the audit logs, you might need to start recording activities by turning on the audit logging feature.
  
• In the Audit dashboard, you can search and filter the logs by date range, activities, users, and more. You can also Export the data.
  
• For SharePoint-specific activities, select filters that pertain to SharePoint activities such as file access, file deletions, permission changes, etc.
• The results will show a list of recorded activities. Each entry includes detailed information such as the date and time of the activity, the user who performed the activity, and the specific action taken.
• You can download the results for further analysis or reporting.

Types of Activities Tracked in SharePoint Audit

SharePoint Online audit logs can track a variety of activities, including but not limited to:

· File and page activities: Access, modification, deletion, sharing, and download of files and pages.

· List and library activities: List item creation, modification, deletion, and access.

· Permission changes: Changes to permissions and sharing settings of sites, lists, libraries, and individual items.

· Administration activities: Site creation, deletion, changes to site settings, and more.

Considerations for Auditing

· Data Retention: Audit log data is retained for a limited period, typically 90 days for most subscriptions. For longer retention, you might consider higher-tier plans or third-party solutions.

· Impact on Performance: Extensive auditing, especially in large environments, can impact system performance. It’s important to select only necessary auditing options.

· Legal and Compliance Needs: Regular review of audit logs is important for compliance with legal and regulatory requirements, particularly for organizations in regulated industries.