Follow

Audit Log

1.Introduction

With this feature, WorkPoint extends the current audit log feature. It records audit log data per document library. The log can be accessed through the action bar on any document library, but it will only be accessible to by people or groups already defined in the settings of the current functionality.

Note that this feature is only available in the Modern UI version of WorkPoint.

There are several cases where this feature excels. One example is if a project manager wishes to see who of his project team has opened a specific document.

Another case is if a project manager wants to see if a certain document has been shared with external people.

A third example could be in a court case, if a company needs documentation that a specific external person has opened and/or downloaded a document.

A fourth case could be that a project manager wants an overview of all changes made to a document library during a specific time interval. This needs to go into a report. He can then use the export-to-excel feature to cumulate the data into an easy to present spreadsheet.

2.Requirements

This is an additional feature. If you want to feature for your solution, please contact WorkPoint Sales by email at sales@workpoint.dk.

Also note that this feature is only available for solutions using the Modern UI.

Azure Storage is also required for this feature to work. What type of Azure storage is right for your company can be very difficult to determine beforehand since it can depend on many factors, such as number of sites. Please contact WorkPoint support for help regarding this topic.

3.Configuration

To configure the Audit Log settings, go to the WorkPoint 365 Administration and click the “Audit Log” button in the menu to the left. Follow these steps:

  1. Click the Home button of the solution
  2. Enter the WorkPoint 365 Administration by clicking the cog-icon at the bottom of the menu
  1. Click the “Audit Log” button in the menu to the left

In the Audit Log settings interface, there are several fields to be filled out:

  1. Technically, you should click the “Add command sets” once you have filled in the remaining fields of the interface. This adds menu-items to libraries in the Master Site. After this, a Master Site Synchronization must be run to push the changes to all entity sites. When running the master site synchronization, it is important to expand the Documents-tab and check on “Replicate Settings, as shown in the image below:

Only synchronization of “Replicate Settings” is strictly necessary in this case.

  1. For “User name”, type in the user name of the Service Account with access to the audit log. This user must have the “View-Only Audit Logs” role in Exchange Online.
  2. The password for the user
  3. Set the interval for when the system will fetch data from the audit log. For performance reasons you should normally select the highest possible value (1440). These numbers represent minutes between each fetch. This determines the delay from an even occurring to its visibility in the audit log.
  4. The connection string to the Azure storage account where fetched audit data will be stored.
  5. Only members specified in this field will be allowed access to the audit log.

Followed by this is a long list of queries that can be activated. These are the kinds of data that you want the log to record. You can tick the ones that you want the log to record on and tick off the ones that you do not need. A list of the queries and their technical descriptions can be found be navigating to this link: https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance.

Once done setting up the Audit Log, click “Save” at the bottom of the interface. Then click the “Add command sets” button in point 1 of the image above.

Note that it is necessary to clear the WorkPoint 365 Browser Cache for the changes to apply. You do this by clicking the Home side panel button of the solution, then clicking “Need help?” at the bottom (1). You can now click “Clear WorkPoint 365 browser cache” (2), as seen in the image below:

Note also that it is important after having configured the audit log to run the aforementioned Master Site Synchronization for each business module. To do this, follow these steps:

  1. From the WorkPoint 365 Administration, click the header of the business module for which you wish to run a Master Site Synchronization.
  2. Click the “Master Site Synchronization” button in the menu

In the Master Site Synchronization interface, click “Synchronize all”. This process may take some time. The process can be follows by refreshing the list below these buttons by clicking the “Refresh” button.

When accessing a document library, the Audit information can be accessed by clicking “View list audit information” in the actions menu:

If selecting a document from the list, an additional button, the “View audit information” button, appears:

4.End User Guide

When opening an audit log, an interface like the one in the image below will open:

  1. Select the operations (types of log entries) that you wish to be shown
  2. Select a start date from when to pull log entries
  3. Select an end date of when to pull log entries
  4. If you wish to be shown log entries that relates to a specific user, select the user in this field
  5. Select a maximum number of log entry results to show
  6. Choose whether to search for results or to export to Excel

When a search is performed, the results will show below the search button:

If Export to Excel is chosen, depending on your browser settings, the system will either open the excel document in your browser, or start a download of the excel document. The Excel document looks like this:

This kind of search and export can be done both on a List/Library level or on individual documents.

5.Notes

Note that all the same audit log event as before will be recorded. The log is available in the same UI as the past audit log.

Also note that using the audit log will include a certain delay. Microsoft states that their audit log (from where we fetch the information) can be delayed with up to 30 minutes. Further, a WorkPoint job will run every hour (minimum interval) to fetch the information from the SharePoint logs and added this to logging database in WorkPoint. So it should be expected that this kind of information is delayed with up to 1½ hour plus any overhead time regarding processing the audit logs (e.g. If lots of documents are changed within a short period of time, it can take some time to process this information and store the information in the WorkPoint logging database).

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments