The Audit Log gives Syncro Users with appropriate security permissions visibility into a wide range of backup events with detailed information and a longer tracking history than the Task Manager. It contains a list of all actions taken in the Backup Portal (e.g., an Admin restores or downloads data from Microsoft 365 or Entra ID backup, modifies consent, views or searches data, changes backup configurations, etc.).

Tip: If you're looking for all restore tasks, or the latest manually-initiated tasks and their outcome, you may want to View Events in the Task Manager.

View the Audit Log

Follow these steps to view the Audit Log:

1. Navigate to any Syncro Tenant's Details Page.
2. In the Cloud Backup section, click Manage, then select Audit Log:
   
   Note: If you're already in the Backup Portal, you can access the Audit Log from the User Profile menu in the upper right.
   Audited events display in chronological order with the newest shown first:
   

Filter Audit Log Data

Use the dropdown menus to filter the events shown based on:

• Actor: A list of signed-in users who performed action(s) in the Backup Portal.
• Event: A list of action(s) taken (e.g., “Emails were accessed” or “SharePoint restore was initiated.” You can select more than one Event at a time.
• Target User: A list of users who were affected by the action (e.g., the user whose emails were accessed).
• Time Range: The time period when the action(s) were taken. Options include Last Week, Last Month, Last Year, or select a Custom date range.

Note: The filters only display relevant Actors/Events. If, for example, a certain Actor is not visible in the Actor filter, that user has not taken any action in the Backup Portal.

Tip: Click the slanted triple line () icon to clear the filters.

About Audit Log Entries

The Audit Log lists all user actions that have taken place in the Backup Portal, with the following exceptions:

• A signed-in user accessing his/her own OneDrive or Mail folders, and
• A signed-in Administrator browsing shared organization data (SharePoint & Teams)

Note: If a user restores or downloads their own data, or an Administrator restores or downloads shared organization data, these actions are visible in Audit Log.

What appears in the Details column of the Audit Log depends on the Service restored and/or downloaded:

• Mail: For email folders, the folder name is shown. For single or selected emails, the email subject(s) is shown.
• OneDrive/SharePoint: For file or folder restores, destination accounts and/or folders, SharePoint lists/OneDrive, the folder and file names, as well as paths of all restored files are shown. Click the ellipsis icon to view the full list of restored files.
• Backup settings: When backup settings for user or organization Services have been modified, both the old and new settings are shown. Click the State Before () icon to view the original settings. Click the State After () icon to view the new settings.