Introduction to Auditing in DeliverPoint
DeliverPoint version 5.0.0.0 introduces powerful new auditing features designed to help administrators track and monitor permission changes and sharing link usage within their SharePoint environment. These enhancements not only offer more control over your environment but also improve security and compliance by enabling detailed visibility into permission management and link activity.
Before you can begin using these new auditing features, there are a few prerequisites that need to be in place. Users must have the appropriate roles within Microsoft Purview to generate the reports and access the necessary data.
Prerequisites
To use these auditing features, the user must meet the following requirements:
- Permissions: The user must have either the Compliance Administrator or Global Administrator role in their tenant.
- Microsoft Purview Access: The user must have access to Microsoft Purview to create and manage auditing jobs.
- Microsoft Graph API permission: This feature requires the AuditLogsQuery.Read.All Microsoft Graph API permission to be approved via the Entra portal.
- Audit Jobs Limit: A maximum of 10 active Microsoft Purview audit search jobs can be run at the same time (created by the user). If this limit is exceeded, report generation will fail.
- Audit Log Retention: The default retention period for audit logs in Microsoft Purview is 180 days. You will need to consider this when selecting your date range for the reports.
Once these prerequisites are met, you can explore the new auditing reports: Audit Permission Changes Report and Audit Sharing Links Usage Report. Each of these reports provides valuable insights into different aspects of SharePoint usage.
Accessing the Auditing Reports in DeliverPoint
To access the auditing reports:
- Open the DeliverPoint dashboard.
- Navigate to the "Schedule" tab in the main menu.
- Under the "Auditing" section within the "Schedule" tab, you’ll find the three report options covered in this article:
- Audit Permission Changes
- Audit Sharing Links Usage
- Activity Auditing Reports
Audit Permission Changes Report
This report provides insights into changes related to SharePoint permissions. It helps track and monitor changes such as role assignments, permission inheritance adjustments, and group membership modifications.
Key Features of the Audit Permission Changes Report
- Role Assignment Changes: Monitors changes in role assignments within the selected scope.
- Permission Inheritance Changes: Identifies when permission inheritance is broken or restored.
- Group Member Changes: Tracks changes in SharePoint Group and Entra Group memberships.
- Sharing Link-related Changes: Includes the creation, removal, and updating of sharing links.
- Entra Group Member Changes
- Site Collection Administrator Changes
How to Generate the Audit Permission Changes Report
- Navigate to the DeliverPoint Dashboard and select the "Schedule" menu.
- Select Audit Permission Changes Report.
- Specify your Report Settings:
- Start Date: Either use an offset from the current date or set an exact date.
- End Date: Similarly, either set an offset or use an exact date.
- Scope: By default, the scope will be the current site you’re on, but you can select a different scope using the DeliverPoint Treeview.
- Additional Settings: Choose which types of changes to include (role assignments, permissions, group membership, etc.).
- Click Generate Report.
.png)
Viewing the Report
Once the report is generated, it will appear under the Activity Auditing Reports page. You can view its status and open or export it once it's ready.
Audit Sharing Links Usage Report
This report allows you to monitor the usage of sharing links within your SharePoint environment. It tracks who accessed which links, when they were accessed, and what type of link was used.
Key Features of the Audit Sharing Links Usage Report
- Link Usage: Monitors who used a sharing link and when.
- Link Types: Tracks whether the link was an organisation link, secure link, or anyone link.
- Access Details: Displays the user, the date of access, and the IP address used to access the link.
How to Generate the Audit Sharing Links Usage Report
- Navigate to the DeliverPoint Dashboard and select the "Schedule" menu.
- Select Audit Sharing Links Usage Report.
- Specify your Report Settings:
- Start Date: Either use an offset from the current date or set an exact date.
- End Date: As with the start date, either set an offset or use an exact date.
- Scope: By default, the scope will be the current site you’re on, but you can select a different scope using the DeliverPoint Treeview.
- Additional Settings: Choose to include list links, item links, folder structure details, and sensitivity labels.
- Click Generate Report.
.png)
Viewing the Report
The report will appear under the Activity Auditing Reports page once it's ready. Similar to the Audit Permission Changes Report, you can track its status and open it from here.
Managing Activity Auditing Reports
Once an activity auditing report is generated, it will remain available for 30 days. After this period, it will be automatically deleted by Microsoft Purview. If you need to keep a report for longer, you can export it using the DeliverPoint Actions menu.
To manage and view previously generated reports, follow these steps:
- Navigate to Activity Auditing Reports.
- View the List of Reports:
- Id: The ID of the report, which you can click to view its settings.
- Open: A button to open the results of the report.
- Scope: The scope selected for the report (site, list, item).
- Status: Whether the report is completed, failed, or still running.
- Range Start and End: The time range for the report.
- Created: The creation date of the report.
.png)
Important Notes
- Activity auditing reports will be available for 30 days after they are completed. After this period, they will be automatically deleted by Microsoft Purview. If you need to retain reports for a longer duration, you can export them via the DeliverPoint Actions menu.
- Each report generates one Microsoft Purview audit search job, except for the Permission Auditing Report, which may create two jobs if it needs to retrieve both Entra group membership and SharePoint permission changes.
- Log entries are not available for more than 180 days (default retention period) from the audit log in Microsoft Purview. Be mindful of this when selecting the date range.