When an organization has already deployed Office 365, It is a must-have for Administrators to keep track of what users do with Documents, Emails, Sharepoint, etc. for various security and compliance reasons of the organization.

This post is written to guide and help Office 365 admins to enable the audit logging feature in Office 365 to track user activities in the Office 365 environment.

First, to do this, after logging into the Office 365 tenant using the admin credentials, the Office 365 new admin portal, browse to the “Admin Centers” and select “Security and Compliance” as shown below in Fig 1.


This will load the “Office 365 Security & Compliance” portal which will let admins turn on the “Recording Activity” feature to enable track user activity as well as the admin activity of the Office 365 Portal. So once on the  “Office 365 Security & Compliance” section, click “Start recording now” under the “Search for the activity” as shown below in Fig2.


After clicking on “Start recording now” as shown in the above Fig2, it will open up a “Start recording user and admin activities” box. After that click on the “Turn On” button as shown in below Fig3.


Do keep in mind that after turning on this feature it will take up to 24 hours for it to get provisioned. Therefore it is advisable to try running audit reports after this time period to better reflect user and admin activities after turning on this feature.

Once the feature is turned on, it will indicate that search activity has been started as shown below in Fig4.


Now, it is time to run the reports for auditing. For that, go to “Search & Investigation” and select “Audit Log Search” to bring the “Audit Log Search” section as shown below in Fig5.


In Fig5 above, it says “Because you just turned on recording audit logs in last 24 hours, some activity may not show up in the search results“. So it is recommended to run any searches after this time period.

To help understand the list of searches that can be performed using the above auditing facility, visit the below link.

Click here to go to the article to see all the user and admin activity types which can be used to generate the audit reports.