License Editions: For license details, see Plans & Pricing.
Overview
User Audit Trail displays the activities made by users over a selected time period. The following table lists the user activities that you can filter according to the activity types.
Audit Trail tracks changes in activity settings made by Users and Administrators.
📝 Note
If users prevent administrator access to their data, the administrators cannot search and view information on the files or folders that users download or restore. For more information, see Configure the user data privacy policy.
View user activities
To view user activities:
On the Endpoints/ Microsoft 365/Dynamics 365/Google Workspace Console menu bar, click Audit Trails.
Click the User Audit Trail tab.
In the User section, enter the email IDs of the users you want to filter the audit trail for. You can enter multiple comma-separated valid email IDs. The activity trail for invalid email IDs will not be displayed.
In the Activities related to list, click the filter that you want to apply. The list of activities and related filters is listed below.
All - Displays all activities of users. For example, device replacement details.
Note: Files & Folders (additional) activities will not be displayed.Access & Backup - Select the required filters to view the details of the following activities related to Access & Backup.
Unauthorized Access - Activities where users tried to access inSync from outside of your corporate network.
Data Downloaded - Activities where users downloaded backup data.
Data Restored - Activities where users restored data backed up from the device to a specific location.
Compliance - Displays all the compliance related activities.
In the Time Period list, select the period for which you want to view the list of user activities.
Click View. The activity results for the filters applied will be displayed. By default, no activities will be displayed.
Download or view user audit trail
As an administrator, you can download the user audit trail in HTML or CSV format. Cloud administrators can view and download audit trail of all users. However, profile administrators can view and download user activity of only those profiles that are assigned to the profile administrator. Additionally, users who have data protection officer role & view only role can view and download the user audit trail.
To download or view user audit trail:
From the User Audit Trail tab, click the filter that you want to use.
In the Time Period section, click the period for which you want to view the list of user activities. Apply the Filters.
Click the Download as CSV to download the log in CSV format. Select Download as HTML to download the activity log in HTML format.
The downloaded file is saved at the default download location of your web browser.
User Audit Trail report details
Field | Description |
Generated | Date and timestamp when the report is generated. |
Activities | Activity type for which the report is generated. |
Interval | The time period selected to generate the report. |
Time Zone | The time zone for the country that is selected. |
Audit Trail | The audit trail for which the report is generated. |
Username | Username of the user who performed the activity. |
Email ID | Email ID of user who performed the action. |
Activity | The activity type the user selected to perform. |
Time | Timestamp when the activity is performed. |
Details | Details of the activity performed. |
Time period filter
The user activities list is displayed based on the duration that you select in the Time Period list. The options available in the Time Period list is dependent on how the audit retention period is configured. By default, the audit retention period for users is 30 days and the options available in the Time Period list are Today, Last 7 days, and Last 30 days. By default, the time period is set to Last 7 days.
To view user activities for more than 30 days, you must change the audit trail retention policy for the users.
📝 Note
User audit trail for File & Folder (additional) activities will be retained for 3 months only.
Administrator Audit Trail
Overview
Administrator Audit Trail displays the activities made by administrators over a selected time period. The following table lists the administrator activities that you can filter according to the activity types.
Filter | Activity types |
Generated | Date and timestamp when the report is generated. |
Activities | Activity type for which the report is generated. |
Administrators | Name of Administrator |
Interval | The time period selected to generate the report. |
Time zone | The time zone for the country that is selected. |
Administrator Name | The name of Administrator who initiated the activity |
Activity | Activity performed on respective section. |
Details | Details of activity performed. |
Time | Timestamp when the activity is performed. |
View administrator activities
To view administrator activities
Click the Admin Audit Trail tab.
In the Activities Type list, click the filter that you want to use.
In the Administrator list, click the administrator whose activities you want to view.
In the Time Period list, click the period for which you want to view the list of administrator activities.
Time period filter
The administrator activities list is displayed based on the duration that you select in the Time Period list. The options available in the Time Period list time period is dependent on how the audit retention period is configured. By default, the audit retention period for an administrator is to 30 days and the options available in the Time Period list are Today, Last 7 days, and Last 30 days. By default, the time period is set to Last 7 days.
To view user activities for more than 30 days, you must change the audit trail retention policy for the administrator.
Download or view the list of administrator activities
You can download the list of administrator activities in either HTML or CSV format.
To download the list of administrator activities
From the Administrator Audit Trail tab, click the filter that you want to use.
In the Time Period section, click the period for which you want to view the list of user activities. Apply the Filters.
Click the Download as CSV to download the log in CSV format. Select Download as HTML to download the activity log in HTML format.
The list of administrator activities is downloaded on your computer in the format that you selected.
Admin Audit Trail report details
Field | Description |
Generated | Date and timestamp when the report is generated. |
Activities | The activity for which the report is generated. |
Administrators | Administrator name who performed the activity. |
Interval | The time period selected to generate the report. |
Time Zone | The time zone for the country that is selected. |
Audit Trail | The audit trail for which the report is generated. |
Administrator Name | Name of the administrator who performed the activity. |
Activity | The activity type the administrator selected to perform. |
Details | Details of the activity performed. |
Time | Timestamp when the activity is performed. |
Configure audit trail retention policy
Overview
With the audit trail, you can track the operations of users and administrators. Audit trail records are retained based on the audit trail retention policy. By default, the audit retention period for a user and an administrator is 30 days.
The user activities list is displayed based on the duration that you select in the Time Period list. The options available in the Time Period list is dependent on how the audit retention period is configured. By default, the audit retention period is 30 days. The options available in the Time Period list are the following:
Last 30 days
Last 3 months
Last 6 months
Last 1 year
Ever
If you change the default retention period to 6 months, the changes will immediately reflect in the time period list of the administrator. You will now see 6 months added to the list in addition to the already available options. If you want to retain audit trails forever, select Ever from the drop-down list.
Configure the audit trail retention policy for administrator activities
To configure the admin audit trail:
On the Endpoints/ Microsoft 365/ Google Workspace menu bar, click > Settings.
2. Select the “Endpoints & SaaS Apps Settings”, and then check for “Audit Trail Retention Policy” . Click on ‘Pencil Icon (Edit)’
3. In the Retain admin audit trail for list, select the duration for which you want to retain the audit trail and click Save. The default retention period is 30 days.
For more information on the administrator audit trail, see View audit trails for administrators.
Configure the audit trail retention policy for user activities
To configure the user audit trail
On the Endpoints/ Microsoft 365/ Google Workspace console menu bar, click > Settings.
Click the Data Governance tab, and then click Edit. The Edit Settings window appears.
In the Retain User Audit Trail for list, click the duration for which you want to retain the audit trail. The default retention period is 30 days.
Click Save.
📝 Note
User audit trail for File & Folder (Additional) activities will be retained for 3 months only.
For more information on user audit trail, see View audit trails for users.