Syskit Point
Schedule a DemoStart a Free TrialContact UsProduct Site
  • Syskit Point
  • Releases
    • Syskit Point Cloud
      • May 13, 2025
      • May 06, 2025
      • April 29, 2025
      • April 22, 2025
      • April 08, 2025
      • April 01, 2025
      • March 25, 2025
      • March 18, 2025
      • March 11, 2025
      • March 04, 2025
      • February 25, 2025
      • February 18, 2025
      • February 11, 2025
      • February 06, 2025
      • January 28, 2025
      • January 22, 2025
      • January 14, 2025
      • January 02, 2025
      • December 17, 2024
      • December 10, 2024
      • December 03, 2024
      • November 26, 2024
      • November 19, 2024
      • November 05, 2024
      • October 29, 2024
      • October 22, 2024
      • October 15, 2024
      • October 08, 2024
      • October 01, 2024
      • September 24, 2024
      • September 18, 2024
      • September 02, 2024
      • August 26, 2024
      • August 20, 2024
      • August 12, 2024
      • August 06, 2024
      • July 29, 2024
      • July 23, 2024
      • July 02, 2024
      • June 18, 2024
      • June 04, 2024
      • May 21, 2024
      • May 09, 2024
      • April 23, 2024
      • April 9, 2024
      • March 26, 2024
      • March 12, 2024
      • February 22, 2024
      • February 06, 2024
      • January 19, 2024
      • January 18, 2024
      • December 19, 2023
      • November 30, 2023
      • November 15, 2023
      • November 2, 2023
      • November 2, 2023 - Announcement
      • October 17, 2023
      • October 3, 2023
      • September 21, 2023
      • September 14, 2023
      • September 7, 2023
      • August 23, 2023
      • August 9, 2023
      • July 26, 2023
      • July 12, 2023
      • May 16, 2023
    • Syskit Point Data Center
      • Syskit Point 2025.2
        • Syskit Point 2025.2.90
        • Syskit Point 2025.2.86
        • Syskit Point 2025.2.82
        • Syskit Point 2025.2.78
      • Syskit Point 2024.6
        • Syskit Point 2024.6.73
        • Syskit Point 2024.6.71
        • Syskit Point 2024.6.70
      • Syskit Point 2024.5
        • Syskit Point 2024.5.67
        • Syskit Point 2024.5.65
      • Syskit Point 2024.4
        • Syskit Point 2024.4.60
        • Syskit Point 2024.4.54
        • Syskit Point 2024.4.52
      • Syskit Point 2024.3
        • Syskit Point 2024.3.48
      • Syskit Point 2024.2
        • Syskit Point 2024.2.45
      • Syskit Point 2024.1
        • Syskit Point 2024.1.43
        • Syskit Point 2024.1.41
      • Syskit Point 2023.5
        • Syskit Point 2023.5.39
      • Syskit Point 2023.4
        • Syskit Point 2023.4.1
        • Syskit Point 2023.4.0
      • Syskit Point 2023.3
      • Syskit Point 2023.2
      • Syskit Point 2023.1
        • Syskit Point 2023.1.3
        • Syskit Point 2023.1.2
        • Syskit Point 2023.1.1
        • Syskit Point 2023.1.0
      • Syskit Point 2022.5
        • Syskit Point 2022.5.1
        • Syskit Point 2022.5.0
      • Syskit Point 2022.4
        • Syskit Point 2022.4.1
        • Syskit Point 2022.4.0
      • Syskit Point 2022.3
        • Syskit Point 2022.3.1
        • Syskit Point 2022.3.0
      • Syskit Point 2022.2
        • Syskit Point 2022.2.3
        • Syskit Point 2022.2.2
        • Syskit Point 2022.2.1
        • Syskit Point 2022.2.0
      • Syskit Point 2021.12
      • Syskit Point 2021.11
      • Syskit Point 2021.10
      • Syskit Point 20
      • Syskit Point 19
        • Syskit Point 19.0.2
        • Syskit Point 19.0.1
        • Syskit Point 19.0.0
  • Requirements
    • Permission Requirements
    • Change Log
  • Set Up Point Cloud
    • Overview
    • Free Trial
    • Free Trial Limits
    • Manage Syskit Point Subscriptions
  • Set Up Point Data Center
    • Deployment
      • Overview
      • System Requirements
      • Deploy Syskit Point
      • Connect to Microsoft 365 Tenant
      • Set Up Custom Domain and SSL Certificate
      • Upgrade Syskit Point
      • Azure Networking
    • Activation
      • Activate Syskit Point
      • Free Trial Data Center
  • Licensing & Activation
    • Licensed Users Count
    • Activation Privacy Statement
  • Get to Know Syskit Point
    • The Syskit Point Starter Kit
    • Navigate Through Syskit Point
    • Collect Microsoft 365 Data
  • Microsoft 365 Inventory
    • Microsoft 365 Inventory Overview
    • Explore Your Microsoft 365 Dashboard
    • Sites
    • Microsoft Teams & Groups
    • Users
    • Copilot Readiness
  • Configuration
    • Syskit Point Configuration Guide
    • Assign and Manage Access to Syskit Point
    • Enable Microsoft Teams Activity Tracking
    • Configure Storage Management in Syskit Point
    • Set Up E-Mail
    • Connect Service Account
    • Customize Audit Logs Collection
    • Upgrade SQL to Managed Identity Authentication
    • Enable Power Platform Data Collection
    • Enable Power BI Data Collection
    • Ignore Service Account Activity Tracking
    • Customize License Reports
    • Customize E-Mails
    • Report Data Limits
    • Turn On Auditing
    • Exclude Users from Receiving Governance Tasks
    • Customize Dashboard
    • Customize Syskit Point Appearance
    • Configure Your Environment for Storage Management
    • Save Custom Views
    • Audit for Syskit Point Settings
    • Manage Connection
  • Reporting
    • Overview
    • External Sharing Reports
    • Access Reports
    • Audit Reports
    • Cleanup & Health Reports
    • Licenses Reports
    • Analytics Reports
    • Sensitivity Labels Reports
    • Power Platform Reports
    • Power BI Reports
  • Storage Management
    • Storage Management Overview
    • Free Up Storage
    • Storage Reports
    • Limit Storage Usage
    • Storage Versioning Limits
  • Governance & Automation
    • Syskit Point Tasks
    • Access Review
      • Enable Automated Access Review
      • Create and Apply Access Review Policies
      • Modify Access Review Options
      • Monitor Access Review in Syskit Point
      • Manually Request Access Review in Syskit Point
    • Lifecycle Management
      • Lifecycle Management - Deprecated
      • Identify Inactive Workspaces
      • Enable Lifecycle Management Automation
      • Monitor Lifecycle Management Tasks in Syskit Point
      • Run Lifecycle Management Actions in Syskit Point
    • Policies
      • Set Up Policies
      • Rules
      • Blocked Users with Assigned Licenses
      • Inactive Guest Users
      • Inactive Workspaces
      • Minimum Number of Owners
      • Maximum Number of Owners
      • Orphaned Workspaces
      • Orphaned Users
      • Tenant Storage Limit
      • Workspaces with Too Many Members
      • Workspaces with Shadow Users
      • Private Workspaces Shared with Everyone
      • Workspaces Without a Sensitivity Label
      • Apply Policies
      • Upgrade to Rules
    • Security and Compliance Checks
      • Security and Compliance Checks
      • Inactive Workspaces
      • Orphaned Workspaces
      • Inactive Guest Users
      • Blocked Users with Assigned Licenses
      • Workspaces with Not Enough Owners
      • Orphaned Users
      • Workspaces with Too Many Owners
      • Tenant Storage Limit
      • Workspaces with Too Many Members
      • Workspaces with Shadow Users
      • Private Workspaces Shared with Everyone
      • Workspaces Without a Sensitivity Label
    • Provisioning
      • Set Up Provisioning
      • Enable or Disable Provisioning
      • Register Yammer App
      • Enable Sensitivity Labels
      • Restrict Microsoft 365 Groups Creation
      • Templates
      • Content & Structure
      • Configure Provisioning Failure Notifications
      • Approval Processes
      • Approve/Reject Requests
      • Manage Requests
      • Hide Workspace Name
    • Access Requests
      • Set Up Access Requests
      • Create Access Requests
      • Apply Access Requests
      • Approval Process
    • Metadata
      • Manage Custom Metadata
      • Request Metadata Review
      • Monitor Metadata Review
    • Sensitivity Review
      • Request Sensitivity Review
      • Monitor Sensitivity Review
    • Privacy Review
      • Request Privacy Review
      • Monitor Privacy Review
    • Syskit Point Teams App
    • Schedule Reports
    • Configure Alerts
    • Manage Sensitivity Labels
  • Access Management
    • Track Microsoft 365 External Users and Their Activities
    • Check Access for Specific Microsoft 365 User
    • Copy User Permissions
    • Delete and Restore Users
    • View Permission Changes in Microsoft 365
    • Supervise Microsoft Teams Private Channels
    • Manage Private Channels Access
    • Complete Power Platform Actions
  • Integrations
    • Overview
    • Syskit Point API
    • Webhooks
    • Examples
      • Webhooks
      • ServiceNow
      • Jira
  • FAQ
    • Security
    • Security Self Assessment Questionnaire
    • Storage Management
    • Free Trial
    • Licensing
    • Activation
    • Purchasing and Discounts
    • Customer Terms
    • Privacy and Compliance
    • Partner Program
    • Site Storage Limits
    • Orphaned Users
    • Inactive Users Detection
    • Provisioning - Content & Structure
  • Troubleshooting
    • Export Diagnostic Logs
    • Setup Diagnostic Logs Export
    • Analytics and Usage Report Issues
  • Explore Syskit Point for Site Owners/Collaborators
    • Syskit Point for Collaborators
    • Resolve Governance Tasks
      • My Tasks
      • Complete Access Review Tasks
      • Complete Metadata Review Tasks
      • Complete Privacy Review Tasks
      • Complete Sensitivity Review Tasks
      • Resolve Inactive Workspaces Tasks
      • Resolve Lifecycle Management Tasks
      • Resolve Inactive Guest Users Tasks
      • Resolve Minimum Number of Owners Tasks
      • Resolve Maximum Number of Owners Tasks
      • Resolve Orphaned Workspaces Tasks
      • Resolve Tenant Storage Limit Task
    • Manage Access
      • Manage External Sharing
      • Manage Users
    • Manage Workspaces
      • Request New Workspace
      • Request Workspace Access
      • Manage Workspaces
      • Manage Custom Metadata
    • Reporting
      • Syskit Icons Glossary
      • Inventory Reports
      • Schedule Reports
      • Alerts
      • Cleanup & Health Reports
      • External Sharing Reports
      • Access Reports
Powered by GitBook
On this page
  • Syskit Point Registration > Tenant settings
  • Store Audit Logs Option
  • Protect User Privacy Option
  • Audit Logs Settings
  • Data Retention
  • Point Cloud
  • Point Data Center
  • Exchange Logs
  • Additional information
  • Type of Audit Logs Collected
  • Sign-in Logs from Azure Active Directory
  • Frequency of Audit Log Collection
  • Unified Audit Logs

Was this helpful?

  1. Configuration

Customize Audit Logs Collection

This section describes how to customize the Audit Logs collection using Syskit Point.

PreviousConnect Service AccountNextUpgrade SQL to Managed Identity Authentication

Last updated 1 year ago

Was this helpful?

Audit Logs are available in the Security & Compliance plan and higher tiers. See the for more details.

Audit logs can provide you with insights into all activities related to the user and administration activities in your Microsoft 365 environment. The Audit Logs contain information on activities within your organization related to groups, documents, permissions, directory services, and much more.

Users that are assigned Syskit Point Admin role can configure activities that are going to be collected in these locations:

  • Syskit Point Registration > Tenant settings

  • Audit Logs section in Settings

Syskit Point Registration > Tenant settings

After registering Syskit Point, on the Connect tenant step, you have the following audit options on disposal:

  • Store audit logs (1)

  • Protect user privacy (2)

Please note! You can change these settings by managing your tenant connection in Settings > General > Connected Tenant.

Store Audit Logs Option

By default, the Store audit logs option is enabled, meaning that Syskit Point will process and store the audit logs to your Azure Cosmos DB account.

Tip! You can change the Audit Logs settings after the initial connection by managing your tenant connection in Settings > General > Connected Tenant.

Protect User Privacy Option

Turning this option on results in the following:

  • User activity data, such as file and permissions changes, will be hidden and protected from Administrator supervision

    • User Activity report will be hidden from Syskit Point user interface

    • Access to the File and Page Activities report will be hidden

    • Summary data in the Analytics & Usage tile will remain visible but cannot be drilled to access data for a specific user

  • User activity data will, however, be collected and stored

Please note! User activity data continues to be collected and stored to be readily available, if needed, in case of a security incident.

The following rules apply regarding the User Privacy option:

  • By default, this option is turned off

  • The option can be set for each tenant connected with Syskit Point independently

  • Changing the option is possible through the Manage Connection button in the Syskit Point Settings > General > Connected Tenant screen

Please note! The Protect user privacy option is disabled automatically if the Store audit logs option is turned off.

Audit Logs Settings

Audit log settings can also be configured after the initial configuration of Syskit Point. To do so:

  • Open the Settings screen

  • Navigate to the Audit > Audit Logs (1) page

Here, you can:

  • Turn the storage of Audit Logs on or off (2)

  • Select activities to collect (3)

  • View the number of events (4) in the Audit Index

Audit logs activities that are being collected can be found by clicking the Select activities to collect (3) link.

A new dialog opens, showing all audit log categories and activities available in Syskit Point. Here you can:

  • Use the Select All option to enable the collection of all available activities (1)

  • Adjust which audit log categories will be collected by clicking the checkbox (2) next to a category

  • Expand categories (3)

  • Mark only specific activities within a category to be collected (4)

  • Confirm your changes by clicking the OK button (5) and Save button on the Audit Logs screen.

Available audit log categories:

  • Application administration activities

  • Azure AD group administration activities

  • Data governance

  • Directory administration activities

  • Exchange admin activities

  • Exchange mailbox activities

  • File and page activities

  • Folder activities

  • Microsoft Forms

  • Microsoft Power Automate

  • Microsoft Stream

  • Microsoft Teams activities

  • Power Apps activities

  • Power BI activities

  • Role administration activities

  • SharePoint list events

  • Sharing and access request activities

  • Site administration activities

  • Site permissions activities

  • Synchronization activities

  • User activities

  • User administration activities

Data Retention

Point Cloud

By default, audit logs data retention is set to 1 year in Syskit Point Cloud.

To find the information on how long the Audit logs are stored for you:

  • Navigate to Settings > Audit > Audit Logs

  • Find the info section where the audit logs storage period is visible (1)

Purchased audit logs storage period will be added to the default period of 1-year audit log storage. For example, if you purchased 2 years of additional storage, your audit logs will be stored for 3 years.

Point Data Center

When audit log data retention is enabled and set up, Syskit Point will delete audit logs that are older than the specified timeframe.

This option is disabled by default.

Go to the General Settings screen in your Syskit Point to enable it.

  • Navigate to the Audit section > Audit Logs (1) page

  • Select the checkbox next to Remove old audit Logs from Syskit (2)

  • Choose the amount of time (3) that should pass for audit logs to be deleted

    • Once set up, audit logs that are older than the timeframe you select will be deleted

  • Click Save (4) to finalize

Exchange Logs

Please note! By default, Exchange logs are not collected; at least one Exchange activity must be selected for Syskit Point to start collecting and storing Exchange log data.

To select Exchange activities:

  • Open the Select activities to collect dialog in Audit settings

  • Choose from two available categories:

    • Exchange admin activities (1)

    • Exchange mailbox activities (2)

  • Click OK to confirm

Please note! It can take up to 30 minutes for Syskit Point to collect Exchange log data.

To view collected Exchange logs, use the Exchange Logs report available in the Report Center.

Additional information

Type of Audit Logs Collected

Sign-in Logs from Azure Active Directory

Frequency of Audit Log Collection

Syskit Point checks for and collects new audit logs every 15 minutes. Note that it can take up to 24 hours after an event occurs for the corresponding audit log record to be returned in the results of an audit log search.

Unified Audit Logs

You can purchase additional years of audit logs storage by contacting our Sales team.

Syskit Point collects audit logs accessible in the unified audit log. Out of the box, you can review the audit logs from the . You can additionally .

Azure Active Directory shows all sing-ins performed by users, service principals, apps, and Azure resources. Syskit Point does not collect Azure Active Directory sign-in logs. Syskit Point collects unified audit logs, which contain a subset of said logs related to Microsoft 365 and are visible in the .

You can find additional information about unified audit logs in the .

Contact us
Microsoft 365 compliance center
customize for which activities Syskit Point will collect audit logs
Microsoft 365 compliance center
following Microsoft's article
pricing page
Connect Tenant step
Audit Logs Settings
Select activities to collect screen
Audit logs storage period
Data retention for audit logs
Exchange log categories