I am still often surprised about lot of Office 365 users who are not aware of the existence of Office 365 auditing, and who still rely mainly on SharePoint Audit Logs. Office 365 admin audit logs is a feature available through the security and compliance center, needs to be turned only once per tenant, and it can be a real life saver in the situations where you need to prove/audit user activity on your tenant.
For all my SharePoint people: this feature can to a great deal replace what you were doing with SharePoint Audit logs. You will get standard events covered – file and list item actions, site actions etc, but you will also get data outside of SharePoint there. Think of OneDrive – you will also want to know what happens with these. Especially since Teams store the files from the private chats into OneDrive, this is a way how you can – at least partly – get insights what is going in your Microsoft Teams.
Another huge advantage of the Office 365 admin audit logs over SharePoint Audit logs is that you need to turn them only once per tenant, not such with SharePoint per site collection. Since Site Collections are in modern SharePoint Online mainly created through self-service operations, such as Group and Team creation, you, as a SharePoint admin, cannot really “run after” those site collections and turn the audit logs as they are being created (sometimes in thousands!). This is one problem that Office 365 auditing solves.
True, there are some issues with Office 365 auditing – sometimes it is clumsy to search, it is not context-specific (you always need to drill down from the top), and the logs are stored for 3 months for most of the Office 365 plans. There are ways around all these issues – SysKit has created a product that solves all those issues, but your first step as a modern Office 365 / SharePoint online Admin is to actually get acquainted with Office 365 auditing and Office 365 admin audit logs, and to see what they are offering.
For more info, read the article of my colleague Tomislav Kunaj, which offers a deep dive into Office 365 auditing and shows all the facets of the Office 365 admin audit logs: https://blog.syskit.com/audit-logs-on-office-365 Furthermore, SysKit Security manager impoves by far the standard Office 365 Auditing functionality with unlimited time keeping audit log, contextual auditing and much more – take a short look here: https://blog.syskit.com/level-up-your-office-365-auditing-with-syskit-security-manager