Introduction #
You (or another admin) must turn on audit logging before you can start searching the audit log. When audit log search in the Security & Compliance Centre is turned on, user and admin activity from your organization is recorded in the audit log and retained for 90 days, and up to one year depending on the license assigned to users.
We recommend turning on auditing to the Unified audit log.
User Impact #
Low
Having the unified audit logging turned on allows you to search for all user activities from the primary audit log for the tenant. Without it turned on searching for user activity is difficult.
Admin Portal Reference #
In the Microsoft 365, go to the Security & Compliance Centre.
In the Security & Compliance Centre, go to Search > Audit log search.
A banner is displayed saying that auditing has to be turned on to record user and admin activity.
Click Turn on auditing.
If Action is set to Notify #
We report the setting is compliant if unified audit logging has been enabled.
We report the setting is non-compliant if the unified audit logging has not been turned on.
If Action is set to Enforce #
We report the setting is compliant if unified audit logging has been enabled.
We report the setting is compliant-fixed if the unified audit logging was not enabled but has now been turned on.
