As, generally, we want to know what goes on in our environment, I like to enable Auditing wherever I can. Sharepoint is a more and more important resource where we store our data. Auditing can be very useful if files dissapear, auditors need specific information, or worse, cryptolockers rename all your files.

As setting audit logging through the interface is well documented, I wanted to share the Powershell way of doing this, assuming you’ve already installed the Sharepoint Client Components:

[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client") | Out-Null [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime") | Out-Null

$Context = New-Object Microsoft.SharePoint.Client.ClientContext("INSERT YOUR SITE URL HERE")
$secPassword = ConvertTo-SecureString "YOUR PASSWORD" -AsPlainText -force
$Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials("YOUR LOGIN",$secpassword)
$Context.RequestTimeout = 16384000
$Context.Credentials = $Credentials
$Context.Load($Context.Web)
$Context.Load($Context.Site)
$Context.ExecuteQuery()

#set audit logging for the site collection to ALL
$Context.Site.Audit.AuditFlags = "All"
$Context.Site.Audit.Update()
$Context.ExecuteQuery()