Tag Archive: audit

Office 365 Auditing

It can take up to 30 minutes or up to 24 hours after an event occurs for the corresponding audit log entry to be displayed in the search results. The following table shows the time it takes for the different services in Office 365.

Office 365 service 30 minutes 24 hours
Azure Active Directory (admin events) yes
Azure Active Directory (user login events) yes
Exchange Online yes
Microsoft Teams yes
Power BI yes
Security & Compliance Center yes
SharePoint Online and OneDrive for Business yes
Sway yes
Yammer yes


  • Azure Active Directory (Azure AD) is the directory service for Office 365. The unified audit log contains user, group, application, domain, and directory activities performed in the Office 365 admin center or in the in Azure management portal. For a complete list of Azure AD events, see Azure Active Directory Audit Report Events.
  • Exchange Online audit logs consist of two types of events: Exchange admin events (actions taken by administrators) and mailbox events (actions taken by users on mailboxes). Note that mailbox auditing isn’t enabled by default. It must be enable for each user mailbox before mailbox events can be searched for in the Office 365 audit log. For more information about mailbox auditing and the mailbox auditing actions that are logged, see Enable mailbox auditing in Office 365.
  • Audit logging for Power BI isn’t enabled by default. To search for Power BI activities in the Office 365 audit log, you have to enable auditing in the Power BI admin portal. For instructions, see Auditing Power BI.

Note: We’re in the process of turning on auditing by default. Until then, you can turn it on manually.

If you face more than expected delays as described on the temple kindly let me know.

Turn off an activity alert for Auditing

You can turn off an activity alert so that an email notification isn’t sent. After you turn off the activity alert, it’s still displayed in the list of activity alerts for your organization, and you can still view its properties.

  • Go to https://protection.office.com.
  • Sign in to Office 365 using your work or school account.
  • In the left pane, click Alerts, and then click Manage activity alerts.
  • In the list of alerts for your organization, click the alert that you want to turn off.
  • On the Edit alert page, click the On toggle switch to change the status to Off, and then click Save.

The status of the alert on the Activity alerts pages is set to Off.

To turn an activity alert back on, just repeat these steps and click the Off-toggle switch to change the status to On.

Create activity alerts in the Office 365 Security & Compliance Center


Web resources: