Microsoft Purview · Audit
Audit Reader
Search and export audit logs with read-only access, without ability to configure settings.
Scope: Organization-wide read-only audit log access
Permissions
- Audit Search - Search unified audit logs
- Export - Export audit log search results
- Event Details - View audit log details and events
- Reports - Run predefined audit reports
Common use cases
- Compliance analysts reviewing user activities
- Help desk investigating user-reported issues
- External auditors conducting compliance reviews
- Management reviewing access and activity reports
Best practices
- Use targeted date ranges to improve search performance
- Document audit searches for compliance purposes
- Export critical findings for reporting
- Coordinate with Audit Manager for retention needs
Security considerations
- Cannot modify audit settings - lower risk than Audit Manager
- Can still access sensitive activity information
- Export activities should be monitored
- Ensure proper justification for audit log access