Here are the steps to enable auditing in SharePoint Online:
- Log in to the SharePoint admin center as a global administrator or SharePoint administrator.
- Click on “Policies” in the left-hand menu.
- Click on “Audit log trimming” and select “On” to enable auditing.
- Click on “Audit log reports” and select “On” to enable audit log reports.
- Under the “Audit log trimming” section, you can set the number of days to keep audit log data.
- Under the “Audit log reports” section, you can choose which events to audit. By default, all events are audited.
- To view audit logs, go to the Office 365 Security & Compliance Center and click on “Search & investigation” in the left-hand menu.
- Click on “Audit log search” to search for audit log events.
- Use the search criteria to filter the results and then click on “Search”.
By enabling auditing in SharePoint Online, you can track activity in your SharePoint sites, including file and folder access, user and group permissions changes, and content changes. This can help you detect and investigate suspicious activity and meet regulatory compliance requirements.