Audit log

The audit log gives you a searchable record of security-relevant events. Use it when you need to confirm who launched a session, who approved it, or what changed in the tenant configuration.

Events you should expect

• Session start and end
• Credential access
• Admin mutations
• MFA events
• Approval decisions

How to view it

Open the audit log in the console and filter by user, date range, or event type. The log is designed to answer both operational questions and audit evidence requests.

Export and retention

When you need a copy for a reviewer or auditor, export the log as CSV. Retention is governed by policy, so confirm the retention window before you promise how far back an investigation can go.

The ingestion path uses audit-evidence-service, which keeps the audit trail aligned with the rest of the tenant evidence workflow.

Related articles

• What is a Recording?
• Security & Compliance

This article has moved

This article has been moved to Audit log under the Audit and Reporting section. This copy is retained to avoid broken links and will be removed in a future cleanup.