You’ll find an audit log under the Manage Administration service that shows who performed what actions against which object. Here’s how it looks:
Filtering and sorting the audit log
Apply filters to the log using fields in the top row.
You can also sort the data by clicking on a column name. If the audit log is currently being sorted by a certain column, a line displays above the column name (shown below). Click the column name again to reverse the filter.
A Hide/Show System Events button displays above the audit log. Click this button to filter for only user-generated events.
Audit log contents
Here’s a description of the contents of each column:
|Action||The action that was performed|
|Changes||Shows details of what was changed. For example, showing a phone number changed from 555-5555 to 444-4444.|
|Affected object||The resource the changes were performed against|
|Tenant||The tenant affected by the changes|
|Submitter||The user who initiated the event|
|Submitter IP||The IP address of the user who initiated the event|
|Event type||Shows whether the job is completed, errored, running, etc.|
|Submitted||Date and time the job was initiated|
Here’s a video showing the audit log:
Audit log in action (videos)
Here’s a video showing how the audit log might look after a delegated administrator changes a user’s display name:
And, here’s how it might look if you use the audit log to find out when a certain action (like a reset password) took place: