Table of contents
File activity is one of the clearest indicators of real work being done inside Microsoft 365. WorkSights captures high-level metadata from OneDrive and SharePoint to reflect document interaction without accessing file contents or exposing collaboration details.
WorkSights ingests this metadata directly from Microsoft’s Unified Audit, ensuring accurate, privacy-respecting visibility into how users interact with files across the entire Microsoft 365 ecosystem.
What WorkSights Receives
WorkSights receives metadata each time a mapped user interacts with a file stored in OneDrive or SharePoint. Depending on the action, WorkSights may receive:
- File name
- Action type (viewed, edited, created, deleted, renamed, downloaded, shared)
- Timestamps
- File location (OneDrive or SharePoint)
- High-level sharing activity (e.g., link created)
WorkSights does not receive:
- File contents
- Document text
- Images, attachments, or revisions
- Version history
- Lists of collaborators
- Folder structures beyond the file path supplied by Microsoft
Only metadata required to indicate that meaningful file activity occurred.
How File Activity Appears in WorkSights
WorkSights creates clear, concise activity entries on the user’s timeline:
- File Viewed: short interaction signal that helps illustrate passive engagement
- File Edited: counted as work and scored according to editing duration
- File Created: represents the beginning of new document work
- File Renamed: metadata-level signal that appears as a brief action
- File Downloaded: stored as a light interaction event
- File Deleted: reflected as a removal action where audit logs provide the metadata
Frequent editing events are automatically consolidated during WorkSights's overnight processing. This keeps the timeline readable and ensures that a series of small edits is represented as a single, meaningful work period.
How WorkSights Processes File Activity
Microsoft sends WorkSights audit entries whenever a file is created, viewed, edited, restored, moved, renamed, or deleted. These entries are generated whether the user is working in a desktop app, browser, or mobile environment.
WorkSights reconstructs a clean and realistic activity timeline by:
- Merging repeated edit events into a single continuous work period
- Assigning durations that reflect real editing sessions
- Filtering automated system actions to avoid noise
- Displaying only user-initiated activity for clarity
This ensures high accuracy without overstating work or cluttering the timeline.
Privacy and Security
WorkSights never receives or stores file contents.
WorkSights never ingests comments, collaboration threads, sharing links, or document bodies.
Only mapped users generate activity entries.
All data remains within Microsoft’s ecosystem until Microsoft delivers activity metadata through the audit log.
Data Notes
WorkSights relies on Microsoft’s Unified Audit Log. If audit logging is disabled, some file events may not appear.
File activity is available only from the moment the Microsoft 365 integration is connected.
WorkSights does not distinguish which users collaborated on a file at the same time.
Very high-volume editing activity may take several minutes to consolidate during overnight processing.
Next Steps
For audit log configuration requirements, see Microsoft 365 Audit Log Activation.
For connection details, see Connecting Microsoft 365.
For a platform-level explanation of Microsoft 365 activity in WorkSights, see Microsoft 365 Overview.