SharePoint Management Shell/Central Administration Auditing
Currently, when an administrator performs an action in the Management Shell/Central Administration, most of the data regarding who and what action took place is not recorded. This makes auditing impossible when there are multiple administrators managing the farm. I would propose putting auditing controls in for the SharePoint Management Shell and Central Administration, to record who and what changes were made.


Thank you for your input. We are investigating the options for enabling this. However, there is unfortunately nothing on the immediate road map.
18 comments
-
Fouad Chahin commented
A user has deleted a site at our tenant within SharePoint and we are unable to view who has done this and we would like further support and assistance to enable this feature
-
Dean Gross commented
When can we expect this to become available in SPO/O365. The combined audit log does not contain very many admin activities and is essentially useless for auditing and investigation purposes.
-
Anonymous commented
examples expecting in audit log
- SPO tenant setting changes
- site creation, deletion, rename
- enable /disable sharing on sites (it takes more as 4 days prio A case to find when happen)
- change , add primary,secondary site admin
- enable,disable scripting
- mange hub site tasks
- quota changesSome information are in the compliance center audit log where a SPO admin has no access in some companies.
-
Trevor Seward commented
Anonymous... :) I've had extensive conversations with the PG directly on this topic; don't worry, they do fully understand the request. It's a complicated solution and goes above and beyond 'just implement some logging'.
-
Anonymous commented
Guys, the request is not that hard to understand... Obviously it would be for auditing purposes, and just make it easy to use and find! 9_9
-
dom commented
This is rolling out. Please update: https://blogs.office.com/2016/11/08/feature-pack-1-for-sharepoint-server-2016-now-available/
-
Star D. commented
Extending this to other areas of O365 Admin would be great too.
-
Star D. commented
Just want to add that I too agree with Trevor, as well the points brought up by Tony, Daniel, Dean, Rajkumar and Thuan.
-
Tony Rockwell commented
Compliance for many organizations is getting huge, and with that comes auditing. Why allow auditing of user actions and NOT provide easy auditing of Administrator actions? This just makes sense from a business perspective. Trevor points out exactly what everyone needs: "I want is to be able to tell which administrator took such an action against an object in order to place responsibility with that administrator."
-
cacallahan commented
I agree with Trevor. With the power that Central Administration wields, it would be great to be able to surface an audit of who made what change and when. I for one, would also love having it surfaced in the UI, so consider my vote to be VERY important (which you don't have but maybe is a 5?)
-
Trevor Seward commented
The idea would be to audit actions taken place on SharePoint objects, similar to the AuditLog/EventCache we have today, but more detailed. If I ran '$wa = Get-SPWebApplication https://webAppUrl;$wa.AlertsEnabled = $true;$wa.Update()`, I would want that string recorded to a log with a date/timestamp and username attached to it and if the command encountered an error or not. This would go to a queryable database (through the OM or T-SQL); such a structure could be simply a datetime: occurred on, nvarchar(255): username, nvarchar(MAX): action/cmdlet/script run, bit: success/error during cmdlet execution, uniqueidentifier: CorrelationId, if applicable. UX would be the least important (1), I'd be happy with a CSV export from a Get-SPAdminActionLog. Centralized Log location would be a must (5). If there is an option to clear the log, then much like the Windows Event Log, I would want that to be the first action recorded with the administrator's name attached to it. Ultimately, what I want is to be able to tell which administrator took such an action against an object in order to place responsibility with that administrator. Right now, I simply cannot do that with ease, or at all depending on the scenario. SharePoint Insights will not always be appropriate for this -- this needs to be available on farms that do not have any sort of Internet access or for companies who do not have O365 Subscriptions.
-
Dean Gross commented
This is needed in SPO also
-
Rajkumar Yeldurthi commented
I do support this idea, nice to have it OOB.
-
HW commented
Agree with Trevor.. :)
-
Daniel C. Kline commented
Absolutely. SharePoint is big enough that I frequently am overdrawn at the memory bank. A little augmented memory would be awesome.
-
Sai Vamsy Palakollu commented
Makes sense!
-
Thuan Ng commented
Totally agreed with Trevor. In enterprises especially who outsource IT resource, there are many people touching one farm even we have governance plan. It's much better to have an auditing feature that capture changes made in SharePoint admin content database and configuration.
-
Roger Cormier commented
I have several customers who are jumping through hoops to artificially add this functionality to SharePoint 2013. It's a very common ask.