Search the audit log in the Office 365 Security & Compliance Center - Audited Activities |Sharing and access request activities

Created by Akshit Kapoor, Modified on Fri, 23 Mar, 2018 at 3:10 PM by Alen Varghese

The following table describes the user sharing and access request activities in SharePoint Online and OneDrive for Business. For sharing events, the Detail column under Results identifies the name of the user or group the item was shared with and whether that user or group is a member or guest in your organization.


Friendly name
Operation
Description
Accepted access request
AccessRequestAccepted
An access request to a site, folder, or document was accepted and the requesting user has been granted access.
Accepted sharing invitation
SharingInvitationAccepted
User (member or guest) accepted a sharing invitation and was granted access to a resource. This event includes information about the user who was invited and the email address that was used to accept the invitation (they could be different). This activity is often accompanied by a second event that describes how the user was granted access to the resource, for example, adding the user to a group that has access to the resource.
Created a company shareable link
CompanyLinkCreated
User created a company-wide link to a resource. company-wide links can only be used by members in your organization. They can't be used by guests.
Created access request
AccessRequestCreated
User requests access to a site, folder, or document they don't have permissions to access.
Created an anonymous link
AnonymousLinkCreated
User created an anonymous link to a resource. Anyone with this link can access the resource without having to be authenticated.
Created sharing invitation
SharingInvitationCreated
User shared a resource in SharePoint Online or OneDrive for Business with a user who isn't in your organization's directory.
Denied access request
AccessRequestDenied
An access request to a site, folder, or document was denied.
Removed a company shareable link
CompanyLinkRemoved
User removed a company-wide link to a resource. The link can no longer be used to access the resource.
Removed an anonymous link
AnonymousLinkRemoved
User removed an anonymous link to a resource. The link can no longer be used to access the resource.
Shared file, folder, or site
SharingSet
User (member or guest) shared a file, folder, or site in SharePoint or OneDrive for Business with a user in your organization's directory. The value in the Detail column for this activity identifies the name of the user the resource was shared with and whether this user is a member or a guest. This activity is often accompanied by a second event that describes how the user was granted access to the resource; for example, adding the user to a group that has access to the resource.
Updated an anonymous link
AnonymousLinkUpdated
User updated an anonymous link to a resource. The updated field is included in the EventData property when you export the search results.
Used an anonymous link
AnonymousLinkUsed
An anonymous user accessed a resource by using an anonymous link. The user’s identity might be unknown, but you can get other details such as the user's IP address.
Unshared file, folder, or site
SharingRevoked
User (member or guest) unshared a file, folder, or site that was previously shared with another user.
Used a company shareable link
CompanyLinkUsed
User accessed a resource by using a company-wide link.
Withdrew sharing invitation
SharingInvitationRevoked
User withdrew a sharing invitation to a resource.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article