1

I have a SharePoint site that is shared to an external company, and three users reached out to me today to say they received emails with the security code to access the site when in fact they had not made any attempt to access the site. I’d like to see where the source of the requests were coming from, so I followed the instructions in this link to create an audit log report. I had hoped it would show me the originating IP, but the only IPs listed are Microsoft’s IPs. Does anyone know how/where to see where users are accessing SharePoint sites from, either by listing a computer name or an IP address?

7 Spice ups
2

Just noting, it looks like that only is going to give you events that write to the site.
If you go a few pages more in that article, there is another type of auditing, Unified Audit Logging" that seems to record views also. You need site admin access, and it is under “Site Collection features / reporting” under Site Settings…cause that is certainly where I would look for it Pffft

1 Spice up
3

Thanks, but that is already active on our tenant.

image

In fact, this is a prerequisite to even run the report mentioned in the link. The report shows me view events in addition to writes, but it just doesn’t show me anything that would tell me from where the access originated, either by IP or device/computer name or whatever. I’d show a screenshot of the report, but there’s far too much information to redact in there. :frowning: