Disable Admin Audit Log in Office 365 : A Troubleshooting Guide Over It
“Recently, my enterprise activated audit log in Microsoft Office 365 compliance center. At the starting stage, we were excited to work with this feature but, got nervous with the slowing down performance of our system. Things are not working in the way it should work and thus, we decided to disable admin audit log in Office 365. However, I cannot find any Stop kind of button so, can anyone assist me with the same?”
Prior to the searching of Office 365 audit log feature, an administrator should turn-on the feature of audit logging. When this feature is activated in Office 365 Security and Compliance Center, users and administrators business operations are recorded in the audit log and then, retained for 90 days. However, a situation might occur when your firm does not desire to make use of audit log in Office 365. They might prefer using third-party security data and SIEM application for implementing data auditing in business. In this case, a global administrator requires a solution to disable the admin audit log in Office 365.
Prerequisites to Turn Off Office 365 Audit Log
- You must be assigned with Audit log role in Microsoft Exchange Online to deactivate admin audit log in your Office 365 tenant. By default, this respective role is allocated to the Compliance and Organization Management role groups under the Permission section in EAC. Ensure that O365 global administrators are members of the Organization Management role group.
- You can make use of Office 365 management activity API for accessing auditing record of your business. Disabling Office 365 audit log means that no outcome will be returned whenever you will be searching the audit log via Exchange Online security and compliance center. Even if you are working with ‘Search-UnifiedAuditLog’ command in Exchange PowerShell window then also, no result will be displayed. If you are having authorization in any of the programs to use auditing record of business through Office 365 management activity then, that software continue their work.
Guidelines to Disable Admin Audit Log in Office 365
PowerShell connected with the Exchange Online tenant is required to turn off Office 365 audit log. First, complete the list of prerequisites to implement the following steps and then only, proceed further :
1. Establish a proper connection between Exchange Online and PowerShell
2. Execute the following command in PowerShell window
3. Wait for a while and do not perform any operation. Now, check whether audit log feature is turned off or not. For this, you can choose anyone of either option :
a) Run following command in PowerShell :
If the ‘False’ value occurs then, indicates that you have successfully enabled audit data recording Office 365
b) Go to Search & Investigation >> Audit log search in the Search & Compliance center. Click on Search to continue
This method displays a message regarding the fact whether an audit log search feature is turned off or not.
Observational Verdict
An administrator can disable admin audit log in Office 365 if he or she does not find this feature suitable for them. But as a suggestion, we would like to recommend you that prefer using an audit log system in a business. It is so because admins will be able to see what all operations are carried away with their documents. If one does not find the default feature of audit log suitable for their use then, he or she can opt for third-party software for auditing purpose.