Overview
Audit Trail tracks changes in activity settings made by Users and Administrators.
Access path
On the inSync Management Console menu bar, click Audit Trails.
User Audit Trail
Overview
User Audit Trail displays the activities made by users over a selected time period. The following table lists the user activities that you can filter according to the activity types.
π Note
βIf users prevent administrator access to their data, the administrators cannot search and view information on the files or folders that users download or restore. For more information, see Configure the user data privacy policy.
View user activities
To view user activities:
On the inSync Management Console menu bar, click Audit Trails.
Click the User Audit Trail tab.
In the User section, enter the email IDs of the users you want to filter the audit trail for. You can enter multiple comma-separated valid email IDs. The activity trail for invalid email IDs will not be displayed.
In the Activities related to list, click the filter that you want to apply. The list of activities and related filters is listed below.
All - Displays all activities of users. For example, device replacement details.
Note: Files & Folders (additional) activities will not be displayed.Access & Backup - Select the required filters to view the details of the following activities related to Access & Backup.
Mobile Access - Activities where users accessed backup data by using their mobile.
Unauthorized Access - Activities where users tried to access inSync from outside of your corporate network.
Data Downloaded - Activities where users downloaded backup data.
Data Restored - Activities where users restored data backed up from the device to a specific location.
Collaborator - Select the required filters to view the details of the following activities related to Collaborator.
Added - Activities where users were added to the list of collaborators for a shared folder.
Removed - Activities where users were removed from the list of collaborators for a shared folder.
Permission changed - Activities where permissions for a collaborator on a folder were changed.
Files & Folders - Select the required filters to view the details of the activities related to Files & Folders.
Folder Shared - Activities where users shared folders by using inSync Share.
Folder Un-shared - Activities where users stopped sharing previously shared folders.
Folder Synced - Activities where users synced shared folders.
Folder Un-synced - Activities where users un-synced shared folders.
Downloaded - Activities where users downloaded folders by using inSync Share
Restored - Activities where users restored folders by using inSync Share.
Purged - Activities where users purged folders by using inSync Share.
Files & Folders (Additional) - Select the required filters to download the details of the activities related to Files & Folders (Additional).
Added - Activities where users added files & folders.
Deleted - Activities where users deleted files & folders.
Files Edited - Activities where users edited files.
Note: These activities are not displayed on the activities page and can be downloaded only.
Links - Select the required filters to view the details of the activities related to Links.
Created/Shared - Activities where users created or shared a download link for a file.
Edited - Activities where users edited a download link for a file.
Viewed - Activities where users viewed a download link for a file.
Downloaded - Activities where users downloaded link for a file.
Deleted - Activities where a user deleted a download link.
Expired - Activities where a download link stopped being active.
Workspace - Select the required filters to view the details of the activities related to Workspace.
Synced - Activities where a user synced a workspace.
Un-synced - Activities where a user un-synced a workspace.
In the Time Period list, select the period for which you want to view the list of user activities.
Click View. The activity results for the filters applied will be displayed. By default, no activities will be displayed.
Download or view user audit trail
As an administrator, you can download the user audit trail in HTML or CSV format. Cloud administrators can view and download audit trail of all users. However, profile administrators can view and download user activity of only those profiles that are assigned to the profile administrator. Additionally, users who have data protection officer role & view only role can view and download the user audit trail.
To download or view user audit trail:
On the inSync Management Console menu bar, click Audit Trails.
Click the User Audit Trail tab.
In the Activities related to list, click the filter that you want to use.
In the Time Period list, click the period for which you want to view the list of user activities.
In the Download list, click the file format in which you want to download the data about user activity.
Click View to view the audit trail activity results.
The downloaded file is saved at the default download location of your web browser.
User Audit Trail report details
HTML format sample report
Field | Description |
Generated | Date and timestamp when the report is generated. |
Activities | Activity type for which the report is generated. |
Interval | The time period selected to generate the report. |
Time Zone | The time zone for the country that is selected. |
Audit Trail | The audit trail for which the report is generated. |
Username | Username of the user who performed the activity. |
Email ID | Email ID of user who performed the action. |
Activity | The activity type the user selected to perform. |
Item | Details of the files/folder/User/device on which event is performed. |
IP Address/ Device | User's public IP address is logged if the activity is performed from inSync Web.
Devices name is logged if the activity is performed from a Client device. |
Time | Timestamp when the activity is performed. |
Details | Details of the activity performed. |
Time period filter
The user activities list is displayed based on the duration that you select in the Time Period list. The options available in the Time Period list is dependent on how the audit retention period is configured. By default, the audit retention period for users is 30 days and the options available in the Time Period list are Today, Last 7 days, and Last 30 days. By default, the time period is set to Last 7 days.
To view user activities for more than 30 days, you must change the audit trail retention policy for the users.
π Note
β User audit trail for File & Folder (additional) activities will be retained for 3 months only.
Administrator Audit Trail
Overview
Administrator Audit Trail displays the activities made by administrators over a selected time period. The following table lists the administrator activities that you can filter according to the activity types.
Filter | Activity types |
All Activities | All activities of all administrators. |
Profile | All profile-related activities that an administrator performs. |
User | All user-related activities that an administrator performs. |
Storage | All storage-related activities that an administrator performs. |
Administrators | All administrator-related activities that an administrator performs. |
Roles | All role-related activities that an administrator performs. |
CloudCache Mappings | All CloudCache mapping-related activities that an administrator performs. |
Devices | All Devices-related activities that an administrator performs. |
Restore & Share | All restore and share-related activities that an administrator performs. |
Settings | All settings-related activities that an administrator performs. |
CloudCache | All CloudCache-related activities that an administrator performs. |
Unauthorized Access | All attempts by administrators to access inSync Management Console from outside corporate network. |
SaaS Apps | All SaaS Apps related activities that an administrator performs. For example, enable or disable backup for Exchange Online. |
SharePoint Online | All SharePoint Online-related activities that an administrator performs. |
Microsoft Teams | All Microsoft Teams related activities that an administrator performs. |
Slack | All Slack related activities that an administrator performs. |
Others | All other activities that an administrator performs. |
Federated Search Logs | The following administrator activity logs from Federated Search can be searched in Admin Audit Logs:
|
View administrator activities
To view administrator activities
On the inSync Management Console menu bar, click Audit Trails.
Click the Admin Audit Trail tab.
In the Activities Type list, click the filter that you want to use.
In the Administrator list, click the administrator whose activities you want to view.
In the Time Period list, click the period for which you want to view the list of administrator activities.
Time period filter
The administrator activities list is displayed based on the duration that you select in the Time Period list. The options available in the Time Period list time period is dependent on how the audit retention period is configured. By default, the audit retention period for an administrator is to 30 days and the options available in the Time Period list are Today, Last 7 days, and Last 30 days. By default, the time period is set to Last 7 days.
To view user activities for more than 30 days, you must change the audit trail retention policy for the administrator.
Download or view the list of administrator activities
You can download the list of administrator activities in either HTML or CSV format.
To download the list of administrator activities
On the inSync Management Console menu bar, click Audit Trails.
Click the Admin Audit Trail tab.
In the Activities by Type list, click an administrator activity that you want to view.
In the Administrator list, click the administrator whose activities you want to view.
In the Time Period list, click a period for which you want to view the administrator activity.
If you want to download the admin audit trail in HTML format, click Download > Download HTML.
If you want to download the admin audit trail in CSV format, click Download > Download CSV.
Click View to view the audit trail activity results.
The list of administrator activities is downloaded on your computer in the format that you selected.
Admin Audit Trail report details
HTML format sample report
CSV format sample report
Field | Description |
Generated | Date and timestamp when the report is generated. |
Activities | The activity for which the report is generated. |
Administrators | Administrator name who performed the activity. |
Interval | The time period selected to generate the report. |
Time Zone | The time zone for the country that is selected. |
Audit Trail | The audit trail for which the report is generated. |
Administrator Name | Name of the administrator who performed the activity. |
Activity | The activity type the administrator selected to perform. |
Details | Details of the activity performed. |
Time | Timestamp when the activity is performed. |
Configure audit trail retention policy
Overview
With the audit trail, you can track the operations of users and administrators. Audit trail records are retained based on the audit trail retention policy. By default, the audit retention period for a user and an administrator is 30 days.
The user activities list is displayed based on the duration that you select in the Time Period list. The options available in the Time Period list is dependent on how the audit retention period is configured. By default, the audit retention period is 30 days. The options available in the Time Period list are the following:
Last 30 days
Last 3 months
Last 6 months
Last 1 year
Ever
If you change the default retention period to 6 months, the changes will immediately reflect in the time period list of the administrator. You will now see 6 months added to the list in addition to the already available options.
If you want to retain audit trails forever, select Ever from the drop-down list.
Configure the audit trail retention policy for administrator activities
To configure the admin audit trail:
On the inSync Management Console menu bar, click > Settings.
Click the Data Governance tab, and then click Edit. The Edit Settings window appears.
In the Retain admin audit trailfor list, click the duration for which you want to retain the audit trail. The default retention period is 30 days.
Click Save.
For more information on the administrator audit trail, see View audit trails for administrators.
Configure the audit trail retention policy for user activities
To configure the user audit trail
On the inSync Management Console menu bar, click > Settings.
Click the Data Governance tab, and then click Edit. The Edit Settings window appears.
In the Retain user audit trail for list, click the duration for which you want to retain the audit trail. The default retention period is 30 days.
Click Save.
π Note
β User audit trail for File & Folder (Additional) activities will be retained for 3 months only.
For more information on user audit trail, see View audit trails for users.