Documentation Center

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Community
  • |
  • Support Portal
  • Home
  • Cloud Backup
  • Monitor & Audit Backup Health

View the Audit Log

Contact Us

If you have questions or want help, please Submit a Request.

Updated at Sep 29, 2025
By Kali Patrick

Table of Contents

Navigate to the Audit Log Filter Audit Log Data About Audit Log Entries Audit Log Entry Examples

Related Docs

  • Getting Started with Microsoft 365 & Entra ID Backup
  • View Events in the Task Manager

The Audit Log gives Syncro Users with appropriate security permissions visibility into all user actions within the Backup Portal.

This includes, but isn't limited to, accessing data, initiating restores and backups, modifying consent, and modifying backup settings. The log's primary function is to help you track and review user-based activities within a backup instance.

Tip: The Audit Log does not contain information on backup or restore statuses, such as completion times or failures. You can find this information in the Task Manager.

Navigate to the Audit Log

Follow these steps to view the Audit Log:

  1. Navigate to any Syncro Tenant's Details Page.
  2. In the Cloud Backup section, click Manage, then select Audit Log.
    Note: If you're already in the Backup Portal, you can access the Audit Log from the User Profile menu in the upper right.
    Audited events display in chronological order with the newest shown first:

Filter Audit Log Data

Use the dropdown menus to filter the events shown based on:

  • Actor: A list of signed-in users who performed action(s) in the Backup Portal. The options include: “System,” and “All,” followed by a list of specific users. 
  • Event: A list of action(s) taken or events that happened (e.g., “Emails were accessed” or “SharePoint restore was initiated”). You can select more than one Event at a time.
  • Target User: A list of users who were affected by the action (e.g., the user whose emails were accessed). This is a single-select field.
  • Time Range: The time period when the action(s) were taken. Options include Last Week, Last Month, Last Year, or select a Custom date range from the calendar.

Note: The filters only display relevant Actors/Events. If, for example, a certain Actor is not visible in the Actor filter, that user has not taken any action in the Backup Portal.

Tips: Click the slanted triple line () icon to clear the filters. Click the refresh () icon to refresh the Audit Log for new entries.

About Audit Log Entries

The Audit Log lists all user actions that have taken place in the Backup Portal, with the following exceptions:

  • A signed-in user accessing his/her own OneDrive or Mail folders, and
  • A signed-in Administrator browsing shared organization data (SharePoint & Teams)

Notes: 

  • If a user restores or downloads their own data, or an Administrator restores or downloads shared organization data, these actions are visible in Audit Log.
  • Entries cannot be deleted from the Audit Log, nor can entries be added manually.

What appears in the Details column of the Audit Log depends on the Service restored and/or downloaded:

  • Mail: For email folders, the folder name is shown. For single or selected emails, the email subject(s) is shown.
  • OneDrive/SharePoint: For file or folder restores, destination accounts and/or folders, SharePoint lists/OneDrive, the folder and file names, as well as paths of all restored files are shown. Click the ellipsis icon to view the full list of restored files.
  • Backup settings: When backup settings for user or organization Services have been modified, both the old and new settings are shown. Click the State Before () icon to view the original settings. Click the State After () icon to view the new settings.

Audit Log Entry Examples

Here are some example entries for the Audit Log:

Organization backup settings were modified: This example shows the settings were changed for backups as part of the initial configuration, which is why no user is associated with the change. For subsequent actions, this entry would also include the user who made the change:

Emails were accessed: This example shows the user whose email was accessed and which folder of emails was accessed:

 

SharePoint backup was initiated: This example shows the user who initiated a backup of SharePoint:

 

Mail restore was initiated: This example shows that a Restore was initiated for the user, and it shows which specific email was targeted in the restore:

 

SharePoint restore was initiated: This example shows which List and which site were restored for SharePoint:

 

Teams restore was initiated: This example shows the Team ID that was restored, along with the Channel:

Was this article helpful?

Yes
No
Give feedback about this article

The integrated platform for running a profitable MSP business

Syncro All-in-one MSP Software Facebook Syncro All-in-one MSP Software Twitter Syncro All-in-one MSP Software LinkedIn Syncro All-in-one MSP Software YouTube Syncro All-in-one MSP Software Reddit
  • Compliance
  • Privacy Policy
  • Website Terms
  • Service Terms
Knowledge Base Software powered by Helpjuice

© 2017-2025 Servably, Inc. All rights reserved.

Expand