Anonymous Sharing links: Possible to tell which IP addresses were used for access?

sharepoint.stackexchange https://sharepoint.stackexchange.com/questions/268559

Question

Is there a way to get IP addresses of devices that are accessing SharePoint documents from One Drive for Business and SharePoint that were shared via anonymous links?

I'm guessing, we can get this information by going over the Audit reports?

Was it helpful?

Solution

Audit reports indeed contains IP address, but Audit log search depends on activities.

There is no activity relating to sign-in actions in SharePoint Online. I assume you can use activities like “Accessed file” or “Viewed page” as a workaround.

References:

Search the Office 365 audit log to troubleshoot common scenarios.

How to see the IP addresses from where your Office 365 users are accessing their mailbox.

OTHER TIPS

I want to expand Chelsea's answer here to provide more details.

This is what we can track:

  • Date
  • IP Address
  • User (will show up as "Anonymous")
  • Activity "Used an anonymous link"
  • Item: URL to the shared document/folder

To enable Audit log, we first need to turn it on and wait for about 16-24 hours. Article: Turn Office 365 audit log search on or off

To see the IP addresses of the devices used for accessing anonymous links:

  • Navigate to https://protection.office.com/unified audit log
  • Search > Audit log Search
  • Activities filter: Used an anonymous link
  • File, folder or site: leave blank, or enter URL of the file/folder in question.

Example

enter image description here

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange
scroll top