Track Viva Engage events in the Microsoft 365 audit log and with the Management Activity API
To monitor security and compliance-related Viva Engage events for your organization, turn on audit logging. You can monitor changes to users, groups, files, admins, and network settings. The audit logs are available in the Microsoft 365 Security compliance portal or by using the Microsoft 365 Management Activity API.
To audit events, you must have be assigned the Audit Logs role in Microsoft Exchange Online. You can view Viva Engage events from your home network but not from external networks. You can track the following event categories:
Users—includes activate, suspend, and delete a user.
Groups—includes create and delete Microsoft 365 connected Viva Engage groups. This API doesn't provide data for legacy Viva Engage groups.
Files—includes create, views, and delete a file.
Admins—includes export data, trigger private content mode, and force all users to sign out.
Network settings—includes changes to the data export interval and data retention policy.
View the audit sign-in the Microsoft 365 Security & compliance portal
Before you can view the audit log, you need to turn on Microsoft 365 audit log search. You only have to do this step once. It takes a few hours after you turn it on before you can search the logs.
To view the audit log:
Go to the Microsoft Purview compliance portal and sign in using your work or school account.
In the left pane of the compliance portal, select Audit.
Follow the instructions to search audit logs as described in Search the audit sign-in the Microsoft 365 Security and compliance portal.
Learn more about the Management API
You can use the Microsoft 365 Management Activity API to download various Viva Engage audit data. Read about how to register your application in Microsoft Entra ID to get access to these features in Get started with Microsoft 365 Management APIs. For the API reference, see Microsoft 365 Management Activity API schema.