Hello,
Thank you so much for posting here.
To protect files from being deleted, we could deny delete permission. For more detailed information, we could refer to the below link:
https://answers.microsoft.com/en-us/windows/forum/windows_7-files/protect-files-from-being-deleted/814dbe4c-8957-4e39-9fd7-b613e2812851
So sorry that I am not professional with IT audit. In order to audit the specific information on who deleted the files, we could enable on the folder the Delete action audit and enable audit object access at the Audit Policy. Then we could monitor the events recorded on the Event Viewer.
More detailed information, we could refer to the similar case and articles:
https://social.technet.microsoft.com/Forums/ie/en-US/ed46b837-007f-474b-9a68-454c7f76f192/how-to-audit-delete-filesfolders-action-on-shared?forum=winservergen
https://www.netwrix.com/how_to_detect_who_deleted_file.html
https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-file-system
For any question, please feel free to contact us.
Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
Best regards,
Hannah Xiong
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.