Share via

Copilot M365: Administration events and audit logs

Anonymous
2025-06-19T10:47:27+00:00

Hi,

In order to set up a Copilot M365 search: Administration events and audit logs (activity metadata and iterations with Copilot).

Changes made from an IT administrator to Copilot M365 Admin Center such events are not reflected in the audit log. You can only see Copilot interactions in named user applications (Sherepoint, Teams, Edge, mail, etc.). What is the correct way and search?

What is the way to set up a Copilot M365 search: Administration events and audit logs for an IT user?

What are the relevant logs to keep in mind, important in the audit logs in administration events?

The changes made by an IT user in Admin for Copilot M365 what are the tasks concerning the administration console?

I have consulted online but cannot find what I need. I would request your knowledge and more relevant and accurate information through this consultation.

Appreciate your understanding and patience

Regards,

Microsoft 365 and Office | Install, redeem, activate | For business | Other

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

6 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more

  2. Anonymous
    2025-06-24T15:14:41+00:00

    Dear David Moreno Garcia,

    Thank you for your detailed update.  

    After I research internal documentation and Microsoft Learn resources, here's a detailed breakdown of how this works I suggest for you: 

    Firstly, Microsoft 365 Copilot activities - including those performed by IT administrators - are logged and accessible through the Microsoft Purview compliance portal, specifically via the Unified Audit Log (UAL)

    So, help me make sure some information: 

    • Audit logging must be enabled in Microsoft Purview. This is typically on by default for Microsoft 365 tenants.
    • The admin user must have a valid Microsoft 365 license assigned to ensure their actions are logged.
    • The user must have appropriate permissions (e.g., Global Admin or Compliance Admin) to access and search the audit logs.

    After that, I suggest you the following types of activities are captured: 

    • Copilot Studio interactions: Includes changes to agents, settings, and user interactions.
    • Security Copilot logs: Captures user and system events, accessible via Purview.
    • Admin Center Copilot actions: While Copilot itself doesn’t make configuration changes, any admin-initiated actions (e.g., enabling features, managing licenses) that result from Copilot suggestions are logged if executed through standard admin interfaces.

    And here is how to perform an audit search: 

    1. Go to Microsoft Purview: https://compliance.microsoft.com
    2. Navigate to Audit > Audit Search.
    3. Use filters such as:  
      1. Activities: Filter by “CopilotInteraction”, “AdminAction”, or specific service names like SharePoint, Teams, etc.
      2. Users: Specify the admin account.
      3. Date Range: Choose the relevant time window.
    4. Optionally, use PowerShell for advanced queries.

    Here are some examples of events you might want to filter for: 

    Event Type Description
    CopilotInteraction User or admin interaction with Copilot
    Set-CopilotSetting Admin changes to Copilot configuration
    AdminCenterAction Actions initiated via Admin Center
    Export-CopilotLog Diagnostic log exports by admin
    AccessAgentSettings Viewing or modifying Copilot agents

    These are mapped in Microsoft’s documentation and can be filtered through the Purview portal. 

    Admins can also collect feedback logs from users via the Admin Center: 

    • Go to Copilot > Diagnostic Logs
    • Select a user and choose up to 30 recent conversations
    • Review and optionally scrub the logs before submission

    If the user's Copilot activities (based on the actions outlined above) don't appear in your audit logs despite proper configuration, you'll need to raise a support ticket through https://admin.microsoft.com/#/support/requests because our technical team can contact you directly via call or meeting to troubleshoot issue faster. 

    As a forum moderator, I don’t have access to backend systems or internal diagnostic tools, but I’ll do everything possible to guide you with the information and resources available to me. 

    We appreciate your time and look forward to resolving this for you.  

    Best regards, 

    Vicky-I - MSFT | Microsoft Community Support Specialist

    Was this answer helpful?

    0 comments
  3. Anonymous
    2025-06-23T06:39:51+00:00

    Good morning,

    I have already checked the links indicated but the operations performed as IT administrator user in M365 are not reflected in the audit search.

    I need to know the operation required to perform IT admin user in admin copilot M365 to be registered in log.

    I need knowledge of an action or actions required to be performed by an IT administrator in Admin console in Copilot M365 to perform the specific audit search operation.

    The PureView audit search option is correct for the collection of events by an admin user in console? what are the relevant events in such a search? would it be interesting to know the examples needed to perform the correct action and operation of audit searches in the search system, as they are currently multiple?

    Greetings,

    Was this answer helpful?

    0 comments
  4. Anonymous
    2025-06-22T18:05:28+00:00

    Hi David, 
    It has been a while and I am writing to see how things are going with this issue. Have you had a chance to check the replies provided? Any update would be appreciated. If you think my reply is helpful to you, please remember to mark it as an answer.  
    Warm Regards,
    Vicky-I-MSFT | Microsoft Community Support Specialist

    Was this answer helpful?

    0 comments
  5. Anonymous
    2025-06-19T13:48:18+00:00

    Dear David Moreno Garcia,  

    Thank you for your detailed question regarding audit logging for Copilot M365 administration activities. I tried my best to help you research some references that I hope can be helpful for you. You can check it out and let me know if you want me to support you more: Audit logs for Copilot and AI applications | Microsoft Learn  

    You can also check through this Microsoft Purview Community that has many discussions on it relevant to your context or create a question by yourself on this: Category: Microsoft Purview | Microsoft Community Hub  

    Additionally, if you need further and deeper step by step assistance, I recommend you submit a Support Ticket (if you are admin or you can contact your IT admin) to escalate this to Microsoft via https://admin.microsoft.com/#/support/requests because our technical team can contact you directly via call or meeting to troubleshoot issue faster.  

    I hope you understand that as a moderator, I’ll do everything within my capabilities to assist you with this issue. So again, let me know if you want me to support anything you need more!  

    Best regards,  

    Vicky-I - MSFT | Microsoft Community Support Specialist

    Was this answer helpful?

    0 comments