Article last updated on the 18th of May 2020.
Contents
1. Introduction
With this feature, WorkPoint extends the current audit log feature. It records audit log data per document library. The log can be accessed through the action bar on any document library, but it will only be accessible to by people or groups already defined in the settings of the current functionality.
Note that this feature is only available in the Modern UI version of WorkPoint.
There are several cases where this feature excels. One example is if a project manager wishes to see who of his project team has opened a specific document.
Another case is if a project manager wants to see if a certain document has been shared with external people.
A third example could be in a court case, if a company needs documentation that a specific external person has opened and/or downloaded a document.
A fourth case could be that a project manager wants an overview of all changes made to a document library during a specific time interval. This needs to go into a report. He can then use the export-to-excel feature to cumulate the data into an easy to present spreadsheet.
2. Requirements
Note that this feature is only available for solutions using the Modern UI.
Azure Storage is also required for this feature to work. What type of Azure storage is right for your company can be difficult to determine beforehand since it can depend on many factors, such as number of sites. The standard selection in Azure works for most purposes, however WorkPoint Support is able to help in this regard.
Please also be aware that if setting up Audit Log for multiple solutions, the same Azure storage subscription can be used, but separate storage accounts are required. Under normal circumstances, the standard selection in Azure is sufficient for this purpose.
3. Configuration
To configure the Audit Log settings, go to the WorkPoint 365 Administration and click the “Audit Log” button in the menu to the left. Follow these steps:
- Click the Home button of the solution
- Enter the WorkPoint 365 Administration by clicking the cog-icon at the bottom of the menu
- Click the “Audit Log” button in the menu to the left
In the Audit Log settings interface, there are several fields to be filled out:
- Technically, you should click the “Add command sets” once you have filled in the remaining fields of the interface. This adds menu-items to libraries in the Master Site. After this, a Master Site Synchronization must be run to push the changes to all entity sites. When running the master site synchronization, it is important to expand the Documents-tab and check on “Replicate Settings, as shown in the image below:
Only synchronization of “Replicate Settings” is necessary in this case.
- For “User name”, type in the user name of the Service Account with access to the audit log. This user must have the “View-Only Audit Logs” role in Exchange Online.
- The password for the user
- Set the interval for when the system will fetch data from the audit log. For performance reasons you should normally select the highest possible value (1440). These numbers represent minutes between each fetch. This determines the delay from an even occurring to its visibility in the audit log.
- The connection string to the Azure storage account where fetched audit data will be stored.
- Only members specified in this field will be allowed access to the audit log.
The group set in pt. 9 MUST be an Azure AD security group.
- Select the queries you want to activate by selecting at least one operation that can be searchable in the query. You should select only the operations you expect to use in the query for optimal performance.
Followed by this is a long list of queries that can be activated. These are the kinds of data that you want the log to record. You can tick the ones that you want the log to record on and tick off the ones that you do not need. A list of the queries and their technical descriptions can be found be navigating to this link: https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance.
Once done setting up the Audit Log, click “Save” at the bottom of the interface. Then click the “Add command sets” button in point 1 of the image above.
Note that it is necessary to clear the WorkPoint 365 Browser Cache for the changes to apply. You do this by clicking the Home side panel button of the solution, then clicking “Need help?” at the bottom (11). You can now click “Clear WorkPoint 365 browser cache” (12), as seen in the image below:
Note also that it is important after having configured the audit log to run the aforementioned Master Site Synchronization for each business module. To do this, follow these steps:
- From the WorkPoint 365 Administration, click the header of the business module for which you wish to run a Master Site Synchronization.
- Click the “Master Site Synchronization” button in the menu
In the Master Site Synchronization interface, click “Synchronize all”. This process may take some time. The process can be follows by refreshing the list below these buttons by clicking the “Refresh” button.
When accessing a document library, the Audit information can be accessed by clicking “View list audit information” in the actions menu:
If selecting a document from the list, an additional button, the “View audit information” button, appears:
The last thing required for this feature to work is to set up a scheduled job for the Audit Log. WorkPoint recommends to schedule this job to run once every hour.
This can be configured in the following way:
- In the WorkPoint Administration, click "Scheduled Jobs" from the left side menu.
- In the "Scheduled Jobs" page, click "Schedule Audit Log".
- For interval, type in a value of 1.
- For Frequency, select "Hour" from the drop-down menu.
- Select a start date and time. This is the first time the job will run, and then once every hour, as per the interval and frequency settings.
- Click the "Save" button.
the job is now scheduled and ready to run once per hour from the set start date and time:
4. End User Guide
Click here to go to the end user guide article for Audit Log.
5. Notes
Note that all the same audit log event as before will be recorded. The log is available in the same UI as the past audit log.
Also note that using the audit log will include a certain delay. Microsoft states that their audit log (from where we fetch the information) can be delayed by up to 30 minutes. WorkPoint's Audit Log feature is always delayed by 2 days to ensure that all data is correctly pulled and accessible.
Further, a WorkPoint job will run once every hour (minimum interval) to fetch the information from the SharePoint logs and add this to the logging database in WorkPoint. Therefore, it should be expected that this kind of information can be delayed by up to 1½ hour plus any overhead time regarding processing the audit logs (e.g. If lots of documents are changed in within a short period of time, it can take some time to process this information and store the information in the WorkPoint logging database).
Comments
0 comments
Article is closed for comments.