eDiscovery and Audit Logs

Before we talk about Audit logs, this episode of the eDiscovery Channel, featuring James Province from Microsoft, is worth highlighting. James does a deep dive into Purview eDiscovery and also discusses other tools and their roles in eDiscovery.

One of the tools he mentions is the Audit log, and I agree. It can be difficult in SharePoint and OneDrive to determine who saw a document and who didn’t, because there are often so many changes being made at once. It’s easy to get lost in an avalanche of versions and permissions that leave doubt as to whether something was even shared with a user during the time in question.

That’s where the audit log comes in. However, just because events are logged doesn’t mean they will still be there months from now. If you’re in a highly litigious industry, the retention and preservation of audit log data might be something worth considering.

If you’re not familiar with the Audit log, this session from the International Data Security User Group with Purav Desai might be helpful. Purav talks about something I also had to do when trying to understand what was available in the audit log: use it to track my own activities. That makes sense, you know what you have done, there’s no better way to see how your activities show up in the logging!

By the way, while I’m recommending things today, check out the International Data Security User Group on LinkedIn. They are creating a very informative space for anyone living in the Microsoft Purview world. The next session is Tuesday, get signed up.

 Share this post on social media.