Obtain Deleted Stats (SharePoint) by Retention Policy
I've scoured: Identify the available PowerShell cmdlets for retention | Microsoft Learn and the Unified Audit Log (Using Search-UnifiedAuditLog in Powershell: All You Need To Know, How to Query Microsoft 365 Audit Logs using PowerShell – TheITBros) to see if I can come up with a method to obtain some statistics regarding how many files and space (storage) has been freed up with the use of retention policies being enabled. I'm drawing a blank. In an ideal world, I'd like know how many files have been deleted by the system (the system enforcing a 5 Year from last modified Date and Delete Policy) for the last year or 6 month intervals. If possible the corresponding volume of storage space recovered from these deletions. Any ideas?Where do I manage old audit activity alerts?
I have an audit activity alert that, I assume, was created in Office 365 before it became Microsoft 365. My problem is trying to find where to manage this alert. Does anyone recognize this alert and know where I go to manage it? I have spent time looking through the Compliance port at Alerts and alert policies, but there is nothing there to manage.
Audit Log, what is TokenIssuedAtTime?
I used audit log to search user delete MS Teams files, by using Recycled File and Recycled Folder, I got the log file. Why the TokenIssuedAtTime and the CreationTime are so much different? Below is one of the log record {"AppAccessContext":{"AADSessionId":"8f382a1d-b233-425c-92f4-3cf9ed395c9e","CorrelationId":"ae68fba0-40db-2000-ce07-a7bde7727c3f","TokenIssuedAtTime":"2023-12-23T00:47:57","UniqueTokenId":"U4m5SFCmckOiN_QLrysqAQ"},"CreationTime":"2023-12-26T04:24:52","Id":"7a3dc23c-2699-485b-0a87-08dc05ca9b40","Operation":"FolderRecycled","OrganizationId":"7cf9c29c-c6af-4790-b98b-4eff7637f9be","RecordType":6,"UserKey":"i:0h.f|membership|email address removed for privacy reasons","UserType":0,"Version":1,"Workload":"SharePoint","ClientIP":"2001:d08:e2:58d:61cb:e4bc:c451:aef9","UserId":"email address removed for privacy reasons","AuthenticationType":"FormsCookieAuth","BrowserName":"","BrowserVersion":"","CorrelationId":"ae68fba0-40db-2000-ce07-a7bde7727c3f","EventSource":"SharePoint","IsManagedDevice":false,"ItemType":"Folder","ListId":"33880cd7-1db1-450f-9cd0-5c437c0ccaee","ListItemUniqueId":"184cd92b-40cf-4fa1-82aa-ad5fa61a2a05","Platform":"WinDesktop","Site":"f1bb631d-8ff4-4411-b49f-066e20be905c","UserAgent":"Microsoft SkyDriveSync 23.246.1127.0002 ship; Windows NT 10.0 (19045)","WebId":"aa607282-8b47-47d1-938b-c0cde8e2d87d","DeviceDisplayName":"2a01:111:2055:202:4701:ee31:fe3f:156","CrossScopeSyncDelete":false,"HighPriorityMediaProcessing":false,"SharingType":"","SourceFileExtension":"","SiteUrl":"https://mysharepoint.sharepoint.com/sites/mysite/","SourceRelativeUrl":"Shared Documents/test/MyFolder","SourceFileName":"Quotation","ObjectId":"https://mysharepoint.sharepoint.com/sites/mysite/Shared Documents/test/MyFolder/Test1"}Audit Log start-date into past not possible. How getting group members added date 2 years ago?
I cant take start date into past. In Classic Search it is greyed out. In New Search I can go into year 2021 but it said if I take it... "Start/end date shoulbe in valid format and the start date is earlier than end date." How is it possible to make audit-log in the past ?? My Groups are created on early 2021 but I cant make an Audit for this year.Device Consent to Terms of Use
Can anyone confirm whether in order for users to consent to the terms of use on any device, those devices will need to be registered in Intune as per this https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/terms-of-use document? Below is mentioned in the document: "Per-device terms of use The Require users to consent on every device setting enables you to require end users to accept your terms of use policy on every device they're accessing from. The end user will be required to register their device in Azure AD. When the device is registered, the device ID is used to enforce the terms of use policy on each device. Supported platforms and software. iOS Android Windows 10 Other Native app Yes Yes Yes Microsoft Edge Yes Yes Yes Internet Explorer Yes Yes Yes Chrome (with extension) Yes Yes Yes Per-device terms of use has the following constraints: A device can only be joined to one tenant. A user must have permissions to join their device. The Intune Enrollment app isn't supported. Ensure that it's excluded from any Conditional Access policy requiring Terms of Use policy. Azure AD B2B users aren't supported. If the user's device isn't joined, they'll receive a message that they need to join their device. Their experience will be dependent on the platform and software."Audit Log changes
Like many users, we had IP ranges in Nigeria trying to crack user passwords, and this was showing up in the Audit Logs as "UserLoginFailed" now this seems to have disappeared completely. I tried from the OWA on my account until it locked me out, and nothing showed up in the audit at all. I tried to search the community for this, but nothing came back,.. has anyone had this experience?
UserLoggedIn events not found in Azure Audit log for about a week
When I search for UserLoggedIn events in my Office 365 Tenant, I'm unable to find any audit records for the last 7 days. Whereas all our users have been logging in and out. I've tested one of our test tenants as well and found it missing as well. Anyone facing this?
Audit Logs and OneNote pages
Hi All: I'm trying to run some audit log data on OneNote usage to get a sense of what's being used in the org. However, it appears that audit logs only track down to the section, which is listed as file. Anyone have an understanding of this and how to I might achieve what I am after? Best, GrantAudit Log Search - Document Library
Hi all, (hopefully posting in the correct area). I have a requirement to check audit logs for permission/inheritance changes at a Document Library level. I have looked to use the Security & Compliance > Search > Audit Log Search function within O365 Admin, however it only appears to audit Site level permission activities? If it's possible, can I run an audit of changes against a specific Document Library within a SharePoint site? In this instance it's actually the Site Pages document library. SharePoint Online being used under MS 365 E3 licensing.
