Skip to content

Configuring OneDrive Activity Monitoring

Note

Verify auditing is enabled which was listed in the prerequisites.

Activity Monitoring gathers events from applications to help control and audit resource access.

Activity Monitoring is disabled by default. To enable it, set the Allow Activity Monitoring toggle to on.

Setting the Data Retention Period

Setting a data retention period allows the user to specify how long activities will be stored offline. Activities are available on the Activity Forensics screen for a default of 12 months. After the initial 12 months, the activity data is retained and available via a support ticket. You can set a retention period from between 1 month and 7 years. After the retention period is met, all activities will be deleted.

Example: If the data retention period in the application configuration is set to 18 months, the activities will be available in Data Access Security for the initial 12 months and then available by a support ticket for the 18 additional months, making it a total of 30 months.

Activity Exclusions

Note

Activity Monitoring exclusions need to be manually added.

Allows administrators to configure activities which are not desired to reduce unnecessary noise of activity data set. Activities which match exclusions will be discarded so they will not display in forensics or be held in any storage.

To add an exclusion:

  1. Type an exclusion into the relevant dropdown list (file extension, user, folder, actions).
  2. Select the + icon to add it to the list.
  3. Select to Next or Cancel to close the panel once the list is complete.

To edit or remove an exclusion from the list:

  1. Select the appropriate dropdown list.
  2. On the desired extension that needs to be edited or removed, select either the edit or delete icon.
  3. Select to Next or Cancel to close the panel.
  4. Click Clear Selection to clear the entire list.

Excluded File Extensions - List of file extensions that are not monitored, e.g., txt, exe. Enter one value at a time as described above.

Exclude Folders - List of folders that are not monitored, e.g., \servername\share1\folder1. Enter one value at a time as described above.

Exclude Users - List of users whose activities are not monitored, e.g., user1, domain\user2, user3@domain.com. Enter one value at a time as described above.

The user format to be used depends on how the activity is logged by the endpoint. If you are not sure which of the user formats above to use, either specify all of them, or leave the list empty for now, navigate to the Forensics > Activities screen in the File Access Manager Website after some activities flow in to see how the user is depicted in them and use that depiction in the exclusion list.

Exclude Actions - List of actions that are not monitored. e.g., copy file.

Supported Event Types

  • Access Request Approved
  • Access Request Created
  • AccessInvitationAccepted
  • AccessRequestApproved
  • Added To Group
  • Added To Secure Link
  • Anonymous Link Created
  • AnonymousLinkRemoved
  • AnonymousLinkUpdated
  • AnonymousLinkUsed
  • App Catalog SP Corporate Catalog Accessor Base Add
  • App Catalog SP Tenant Corporate Catalog Accessor Sync Solution To Teams
  • App Store Storefront Show App Details Page
  • App Store Storefront Task Get Apps
  • Client View Signaled
  • Comment Created
  • Comments Disabled
  • Company Link Created
  • Company Link Removed
  • CompanyLinkUsed
  • Device Access Policy Changed
  • File Accessed
  • File Accessed Extended
  • File Check Out Discarded
  • File Checked In
  • File Checked Out
  • File Copied
  • File deleted
  • File Deleted First Stage Recycle Bin
  • File Downloaded
  • File Modified
  • File Modified Extended
  • File Moved
  • File Previewed
  • File Recycled
  • File Renamed
  • File Uploaded
  • FileDeletedFirstStageRecycleBin
  • FileDeletedSecondStageRecycleBin
  • Folder Accessed
  • Folder Copied
  • Folder Created
  • Folder Deleted First Stage Recycle Bin
  • Folder Modified
  • Folder Moved
  • Folder Recycled
  • Folder Renamed
  • Folder Restored
  • FolderDeleted
  • FolderDeletedFirstStageRecycleBin
  • FolderDeletedSecondStageRecycleBin
  • Group Added
  • Group Removed
  • Group Updated
  • List Column Created
  • List Column Updated
  • List Created
  • List Item Created
  • List Item Updated
  • List Item Viewed
  • List Updated
  • List View Created
  • List View Updated
  • List Viewed
  • Page Prefetched
  • Permission Level Added
  • Removed From Group
  • RemovedFromSecureLink
  • Search Query Performed
  • Secure Link Created
  • SecureLinkCreated
  • SecureLinkDeleted
  • SecureLinkUsed
  • SharedLinkCreated
  • SharedLinkDisabled
  • Sharing Inheritance Broken
  • Sharing Inheritance Reset
  • Sharing Invitation Created
  • Sharing Policy Changed
  • Sharing Revoked
  • Sharing Set
  • SharingInvitationAccepted
  • SharingInvitationBlocked
  • SharingInvitationCreated
  • SharingInvitationUpdated
  • SharingRevoked
  • SharingSet
  • SP Corporate Catalog App Metadata Deploy Skip Feature Deployment
  • SP Corporate Catalog App Metadata Deploy With Feature Deployment
  • Web Members Can Share Modified
  • Web Request Access Modified

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.