Implementing OneDrive for Business Auditing and Reporting

OneDrive for Business is part of Microsoft Office 365, which also includes Exchange Online, SharePoint Online, Skype for Business, Azure Active Directory, Power BI and other hosted services. OneDrive for Business is a cloud storage where employees can store business-related files that, unlike files stored in SharePoint Online, rarely need to be shared with other team members. Therefore, it often contains sensitive data, and careful monitoring is required to ensure the safety and integrity of that data. Proper OneDrive for Business auditing and reporting will help you strengthen data security and tighten control over user and admin activities.

Using Native OneDrive for Business Reporting

As an Office 365 admin, you can manage OneDrive for Business through the Office 365 management console, called the admin center. This is where you can manage security and sharing settings, control user activity like data access and syncing, run predefined auditing reports, and manage the audit log. The audit log records changes to content, security and sharing settings, as well as data access events. If you want to see activity across your Office 365 organization, you can use the unified Office 365 audit log, available in the Security & Compliance Center, which is responsible for recording user and admin activities across the various Office 365 applications. Though native reporting provides visibility into the most important events, it has several important limitations:

  • There is no report subscription option, so you have to run reports on demand, which adds to IT workload and makes it less likely that reports will be reliably reviewed on a regular schedule.
  • Only a handful of predefined reports are available, so you often might not find one that provides the information you need. And while you can filter and sort through the system log or the unified log, you cannot create a custom report that you can use again in the future.  
  • Security investigations or audits often require data that is more than 90 days old, but you won’t be able to do that with native capabilities. The retention period for the native audit logs is only 90 days, so you have to think about other ways to preserve your historical audit data.

Streamlining OneDrive for Business Auditing with Netwrix Auditor

Netwrix Auditor for Office 365 makes Office 365 auditing easy. It delivers OneDrive for Business reporting, as well as SharePoint Online and Exchange Online reporting. Netwrix Auditor for Office 365 reports on both access events and changes, including changes to content, security and sharing settings, mailbox permissions, policies and more. You can choose from a variety of predefined reports or easily create custom reports based on your specific requirements. All predefined and custom reports have a subscription option, so reports can be delivered automatically to your email on the schedule you choose. The two-tiered (file-based + SQL database) storage enables you to store audit data for more than 10 years, while ensuring quick and easy access to the data through the whole retention period. Moreover, Netwrix Auditor for Office 365 is a part of a unified platform that provides complete visibility into changes and data access throughout your hybrid IT infrastructure, including Active Directory, Azure AD, Microsoft SQL Server and more, empowering you to strengthen data security and tighten control over user and admin activity across your entire infrastructure.

Data Access report from Netwrix Auditor: What, Who and When