-->
Before starting this post, I would like to share an information about this facility in SharePoint. There was no way of deleting the audit log entries in SharePoint till the release of infrastructure update for SharePoint. Once you install this update, then you will get a STSADM command Trimauditlog and using this we can delete the unwanted audit logs.
I would recommend to refer this post if you want to implement a custom mechanism to delete the audit entries in your SharePoint site.
Consider, you have enabled Auditing in your SharePoint site, and there are more than 10,000 users and 3000 – 4000 users are accessing the site at the same time. Then your application will audit the information and it will store all the audit log information in the AuditData table in the content DB. If the data in that table exceeds some millions and if you access the audit report page then it may take some minuets to pull the data from the DB.
As a work-around we can remove the unwanted audit entries from the AuditData table. But direct interaction with the content DB is not supported L, so what we can do in this situation?
There you will get the help by using SharePoint object model J.
You can use SPAuditQuery & SPAuditEntryCollection classes which are there in the Microsoft.SharePoint.dll, to accomplish this requirement. Below code is a sample code for a .NET console based application, which will take a date as input and you can delete the audit log till that particular date.
I am taking a backup of already deleted audit log in a text file and it will save inside the bindebug directory.
<code>
It is true that the Office 365 audit log gathers a great deal of. It comes to looking for information about SharePoint, no matter what tool you use. Dec 18, 2019 Office 365 Auditing Report Tool Get 500+ out-of-the-box Office 365 auditing reports on Azure AD, Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams, Power BI, Secure Score, Security & Compliance. The smart auditing dashboards with summarized activities on each and every O365 apps.
using
System;
using
System.IO;
using
System.Text;
using
Microsoft.SharePoint;
using
System.Collections;
using
System.Collections.Generic;
namespace
DeleteAuditEntries
{
class Program
{
static void Main(string[] args)
{
Console.WriteLine('Example Deletion of Audit Entries');
Console.WriteLine('Enter a date below. In the root site collection, all audit entries created before the date entered will be deleted.');
SPSite site = new SPSite('http://localhost');
Console.Write('Enter Month: ');
int month = Convert.ToInt32(Console.ReadLine());
Console.Write('Enter Day: ');
int day = Convert.ToInt32(Console.ReadLine());
Console.Write('Enter Year: ');
int year = Convert.ToInt32(Console.ReadLine());
DateTime deleteBeforeDate = new DateTime(year, month, day);
//Let's query the log to get a report of all the entries we are deleting
SPAuditQuery newQuery = new SPAuditQuery(site);
newQuery.SetRangeEnd(deleteBeforeDate);
//This ensure we scope the query to just the logs about to be deleted
SPAuditEntryCollection report = site.Audit.GetEntries(newQuery);
TextWriter reportfile = new StreamWriter('auditreport.txt');
foreach (SPAuditEntry i in report)
{
reportfile.WriteLine(i.ToString());
}
reportfile.Close();
//This is the call that actually deletes the entries.
site.Audit.DeleteEntries(deleteBeforeDate);
Console.WriteLine('Complete. auditreport.txt contains a list of all audit entries that were deleted.');
return;
}
}
}
</code>
If you want to integrate this functionality in your SharePoint site, then you can create a custom aspx page you can implement this same functionality there. If you want to do that, then you can just go through the below MSDN link.
The above MSDN link is for creating a custom aspx for a different functionality with Auditing, but you can follow the steps in this article to create a user interface for deleting the auditing log entries and archiving the data in an another custom DB or in a text file.
1. Sample image 1
For E.g.: First you can create a custom action to your Site Actions to add a link to redirect the Administrator to the AuditData deletion page.
2. Sample image 2
After clicking that custom menu item, you can redirect the user to your custom aspx page which you need to keep in your Layouts folder.
Drive:Program FilesCommon FilesMicrosoft Sharedweb server extensions12TEMPLATELAYOUTS
Knowing who is taking action on content can be critical in helping your organization fulfill its compliance requirements. And as usage of a cloud service grows, it’s key for IT to strike the right balance between visibility and user enablement. Today, we’re announcing an important update for admins—the ability to audit and report on numerous activities that take place within SharePoint Online and OneDrive for Business, as well as new file size limits for files uploaded to SharePoint Online and OneDrive for Business.
Let’s dive into the details.
Auditing and reporting across numerous user and admin activities
Previously, we’ve announced a set of investments in auditing and reporting across several Office 365 services. We’ve now started to roll out some of these capabilities in the reports section of the Office 365 Compliance Center, including auditing and reporting on user and admin activities logged from SharePoint Online and OneDrive for Business, and the ability to view activities in Azure Active Directory (the directory service for Office 365) and Exchange Online.
From the Reports tab in the Compliance Center, you can create activity reports by clicking Start recording user and admin activities. Activities include file and folder actions such as view, create, edit, upload, download and delete; sharing actions like invitation and access requests; and synchronization activity. Reports can be tailored by user or by file within a specific date range. They could be used for instances like a compliance review where an admin or compliance officer needs to understand actions taken by one or more individuals within their OneDrive for Business or the actions taken by all people on a specific file in a SharePoint Online document library.
From the Office 365 Admin Center, open the Compliance Center and click the Reports tab to access the Office 365 activity reporting tool.
Currently, audit history is retained for 90 days and admins can export results to a CSV file for additional reporting in Excel. Auditing data can also be consumed using the Office 365 Management Activity API (now generally available), which provides a consistent schema across all activity logs and allows organizations and ISVs to integrate Office 365 audit data into their security and compliance monitoring and reporting solutions.
Learn more about how to search the audit log (includes information that describes all activities that are audited in Office 365). In future releases in Q2 of this year, we’ll be introducing new usage analysis reports that allow admins to see key metrics such as number of active users, total number of files and total storage consumed as well as drill into OneDrive usage for individual users.
Upload larger files, up to 10 GB each
In addition to the new auditing and reporting capabilities, we’re also increasing the per file size limit to 10 GB. This applies to files uploaded to Team Sites, Office 365 Groups and OneDrive for Business, as well as for videos uploaded into the Office 365 Video portal. Office 365 customers no longer need to leave big files stranded on file shares and local hard drives.
Example of a large CAD file successfully uploaded into a Team Site Document Library in SharePoint Online.
Example of a large Photoshop image file successfully uploaded to OneDrive for Business.
1 TB additional space for overall pooled SharePoint Online storage allocation
The amount of content in Office 365 is growing 300 percent year over year. To meet your needs for more storage, we’re increasing default storage to 1 TB plus 0.5 GB per user to use across SharePoint Online, Office 365 Groups and Office 365 Video—up from the previous allocation of 10 GB. This is in addition to the unique default per-user OneDrive for Business storage space and individual storage provided for user email inboxes. Office 365 customers on our premium Enterprise, Government and Education plans will receive OneDrive for Business unlimited storage, and we’re pleased to announce that the first stage of providing 5 TB for each user is now complete.
Customers with cloud hybrid search configured now get rights to index one-million items from on-premises SharePoint per each 1 TB of pooled storage. Items indexed in SharePoint Online are already covered within a customer’s Office 365 investment. (Learn more about hybrid search in SharePoint.)
And if you need more storage beyond default allocations, you can purchase additional storage from within the SharePoint Online admin center on a per-gigabyte (GB), per-month basis. You can manage pooled storage per the new usage storage model. All of the above updates are covered in more detail in the SharePoint Online: software boundaries and limits article.
Note: Kiosk and external users do not contribute to the overall tenant storage pool.
Additional service updates
We’ve also made related updates that improve discovery and navigation of your SharePoint intranet, and how email notifications are sent during share- and alert-type actions. These updates include:
- Sites page refresh—The Recommended Sites have been vastly improved with intelligence from the Office Graph, and you now see Recent Sites listed, making it easier to find sites and portals in Office 365.
- Exchange Web Services and Exchange Online Protection (EOP)—Now, emails for user-generated actions in SharePoint Online, like when a document is shared, are sent mail from the user’s Exchange Online mailbox, making delivery more reliable and resulting in fewer of these emails landing in the spam folder. For more details, read this article.
The Office 365 Sites tile now shows Recent Sites and Recommended Sites powered by the Microsoft Graph alongside Promoted Sites managed by admin and Followed Sites selected by users.
We welcome feature requests and feedback via the Office 365 UserVoice, @SharePoint and @Office365 on Twitter and in the comments below. We’re eager to hear your feedback and use it to provide the best experience possible.
—Mark Kashman, senior product manager for the Office 365 team
Frequently asked questions
Q. Do the new auditing and reporting capabilities require a specific Office 365 configuration?
A. In order to use the auditing and reporting capabilities, customers must have Exchange Online.
Q. Does OneDrive for Business offer the ability to control auditing and reporting by country or by tenant?
A. Currently Office 365 auditing and reporting is available at a per-tenant level only. There are no customer-facing controls yet to target by geography.
Q. When can I expect to see these changes applied to my Office 365 tenant?
A. Beginning today, these changes are rolling out to eligible Office 365 business customers worldwide. We expect to be at 100 percent rollout within the coming weeks.
Q. Which Office 365 plans will receive the 1 TB default storage SharePoint Online improvement?
A. Office 365 plans that include SharePoint Online will receive 1 TB of default storage across enterprise, education and government plans.