How To Guide
How to Audit User Access Logs Regularly
Catch unauthorised access before it becomes a breach.
Overview
Who accessed what, when, and should they have?
Step 1: Enable Logging
Configure each system to record access events.
Windows
- Enable audit policies
- Audit logon events
- Audit object access
- Retain logs 90+ days
Cloud
- M365 audit log
- Google Workspace audit
- Enable unified logging
Step 2: Review
Review the logs on a fixed schedule.
Weekly
- Failed login attempts
- Unusual location logins
- New account creations
Monthly
- Accounts for former employees
- Group memberships
- Admin account audit
- File share permissions
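
The weekly checks above, plus the former-employee check from the monthly list, as a small script over exported events. This is an added example, not part of the original guide: the event schema, field names, baseline, leaver list and threshold are all assumptions, and the sample events are constructed.

```python
from collections import Counter
from datetime import date, datetime

# Constructed sample events in a hypothetical normalised schema (not a vendor format).
EVENTS = [
    {"time": "2024-05-06T08:01:00", "user": "alice", "action": "login_ok", "country": "GB"},
    {"time": "2024-05-06T09:20:00", "user": "bob", "action": "login_ok", "country": "GB"},
    {"time": "2024-05-07T03:22:00", "user": "carol", "action": "login_ok", "country": "BR"},
    {"time": "2024-05-07T11:00:00", "user": "admin1", "action": "account_created", "target": "svc-temp"},
    {"time": "2024-05-08T19:45:00", "user": "dave", "action": "login_ok", "country": "GB"},
]
# Five failed logins for bob within a few minutes (constructed).
EVENTS += [{"time": f"2024-05-06T09:1{i}:00", "user": "bob", "action": "login_failed",
            "country": "GB"} for i in range(5)]
BASELINE = {u: {"GB"} for u in ("alice", "bob", "carol", "dave")}  # countries seen before (assumed)
LEAVERS = {"dave": "2024-04-30"}  # HR leaver list: user -> last working day (assumed)
FAILED_THRESHOLD = 5  # assumed value; tune to your environment

def review_events(events, baseline, leavers, threshold=FAILED_THRESHOLD):
    """Return findings for each review item: failed logins, unusual locations,
    new account creations, and activity on accounts of former employees."""
    failed = Counter(e["user"] for e in events if e["action"] == "login_failed")
    findings = {
        "failed_logins": {u: n for u, n in failed.items() if n >= threshold},
        "new_locations": [], "new_accounts": [], "leaver_activity": [],
    }
    for e in events:
        user = e["user"]
        left = leavers.get(user)
        # Any event after the last working day means the account was not disabled.
        if left and datetime.fromisoformat(e["time"]).date() > date.fromisoformat(left):
            findings["leaver_activity"].append((user, e["time"]))
        if e["action"] == "login_ok" and e["country"] not in baseline.get(user, set()):
            findings["new_locations"].append((user, e["country"], e["time"]))
        elif e["action"] == "account_created":
            findings["new_accounts"].append((e["target"], user, e["time"]))
    return findings

if __name__ == "__main__":
    for item, hits in review_events(EVENTS, BASELINE, LEAVERS).items():
        print(item, hits)
```

Each finding is a prompt for a human decision (expected, or revoke and investigate), which is the record the quarterly formal review and auditors will ask for.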
Step 3: Access Hygiene
Keep access rights current and clean.
Practices
- Joiner/mover/leaver process
- Immediate disable on leaving
- Quarterly formal review
Automated Auditing Tools
- Microsoft 365: Use Azure AD Access Reviews for automated campaigns
- Google Workspace: Use Admin audit log and BetterCloud
- Active Directory: Use Netwrix Auditor or ManageEngine
- Automate alerts for: New admin accounts, permission changes, group changes
- Schedule automated reports to department managers monthly
- Use identity governance tools to automate joiner/mover/leaver changes
Compliance Reporting
- Generate access review evidence for auditors (ISO 27001, GDPR)
- Maintain a log of all review decisions: Approved, revoked, modified
- Track remediation speed: How quickly are revoked accounts disabled?
- Create an access review dashboard with compliance metrics
- Align review schedules with your compliance calendar
- Brief management quarterly on audit findings and trends