Permissions required to view SharePoint Online Audit Logs

Submitted by Vladilen on Tue, 02/18/2020 - 16:52

Audit logs are moved from SharePoint site collection to Office 365 Security and Compliance Center.

I.e. to view Audit Logs in on-prem you have to go to the site collection and get audit logs for this site collection.

In Office 365 it is different: 
1) no audit logs within site collection
2) Search for tenant-level Audit logs now available from Office 365 Security and Compliance Center

So in Office 365 the one who have tenant SharePoint Administrator  role cannot get audit logs.

Question: What kind of permissions (roles) required to be able to see audit logs?

Answer: "View-Only Audit Logs" role assigned in Exchange Online admin Center. 

No any global admin role is required. I.e. any non-admin user can see audit logs (and more). 

Trick: you must go directly to https://protection.office.com/unifiedauditlog.

If you try to login to http://admin.microsoft.com/ (having in mind to go to SCC), you'll get "You don’t have permission to access this page or perform this action" message.

But if you go directly to https://protection.office.com/unifiedauditlog, you'll see audit logs.