From the audit result, if you double-click a line and then click “More information”, here is what you see :
Figure: audit log results detail panel after clicking “more info”
Which is great! A lot of useful information in there!
However, if you export the Audit result, here is what you get :
Figure: audit log results exported to excel
The whole “More information” data is a single column !!
It is indeed easy to format but requires extra work, and is not ideal.
Suggestion: make these information extra columns in the export!
Consider this search result:
Figure: audit log results
When I click on “Details” (or double click), I can see :
Figure: audit log results detail panel
This is terribly misleading ! The source is displayed as “/Shared Documents/xxx”, which I assumed being “sswcom.sharepoint.com/Shared Documents/xxx”, but is in fact “sswcom.sharepoint.com/sites/SSWNetworkAdmins/Shared Documents/xxx”. The displayed path is indeed relative, but relative to the site collection, not the whole tenant. Which is misleading in a “unified” log (where results can come from pretty much any site collection).
Suggestion: I would love to have options to:
- See the source Site Collection
- Filter down & sort by Site Collection
The “File, Folder or Site” box shouldn’t a simple text filter.
Say I want to have results for my root site only (sswcom.SharePoint.com) – without subsites (say, sswcom.SharePoint.com/sysadmins), I have currently no way of doing it. Searching for “sswcom.sharepoint.com” will give me results that are in subsites or pretty much anything that includes “sswcom.sharepoint.com”.
Suggestion: Either implement “smart” search with the keyword (E.g. “sswcom.sharepoint.com” AND (NOT “sswcom.sharepoint.com/sysadmin”)) OR add a multi-select dropdown to pick the sources (sites, subsites, teams, etc…)
Figure: “file, folder or site” filter box at the bottom of search criteria
Office 365 dates seem to be too simple. Audit data should be crystal clear (as detailed as possible).
I find audit history on Office365 to be lacking E.g. sswcom.sharepoint.com
It certainly is less useful than Sharepoint 2016 as dates were shown better.
I searched for a record on the 2 lists and here is what I see:
Eg. sswcom.sharepoint.com show me last activity as Friday at 2:15 PM
Eg. intranet.ssw.com.au show me last activity as Created at 9/03/2018 5:06 PM
I find it less useful as it doesn’t tell me the date it was created on. I would prefer to have something like “2 days ago at 2:15 PM (Friday 9/03/2018)”
PS: This is very simple to do with Moment.js
Figure: Office365 – Audit data
Figure: SharePoint 2016 – Audit data