
OneDrive and SharePoint
OneDrive and SharePoint file activity is one of the clearest indicators of focused work inside Microsoft 365. WorkSights ingests file interaction metadata from Microsoft's Unified Audit Log to reflect when users are actively working with documents, while preserving full file privacy.
OneDrive and SharePoint activity requires audit logging to be active for your tenant. If file activity is not appearing, see Microsoft 365 Audit Log Activation.
For connection steps, see Connecting Microsoft 365.
What WorkSights Receives
WorkSights processes file interaction metadata from the Unified Audit Log. This includes file name, action type, timestamp, and file location (OneDrive or SharePoint). The action types WorkSights receives are: viewed, edited, created, renamed, downloaded, deleted, and shared. File contents, document text, revision history, version history, collaboration participants, and folder structures are never received.
How OneDrive and SharePoint Activity Appears
File events appear as color-coded entries on the user's daily timeline. Each entry represents a discrete interaction such as a view, edit, or rename. The file name is shown for context.
Continuous editing: When Microsoft detects ongoing editing activity, it generates multiple audit events. Rather than displaying every event individually, WorkSights compacts repeated interactions on the same file into a single block during nightly processing. The block reflects the time between the first and last interaction, giving a realistic view of focused work without unnecessary noise.
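The compaction described above, sketched as an added example (not WorkSights code). It assumes one block per user, file and calendar day with no idle-gap splitting, since this page does not state a gap threshold. The records are constructed and use Microsoft's Unified Audit Log field and operation names rather than the WorkSights action labels.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (values invented). Field names follow the
# Unified Audit Log schema for SharePoint/OneDrive file operations.
SAMPLE_EVENTS = [
    {"CreationTime": "2024-05-06T09:02:11", "UserId": "ana@example.com",
     "Workload": "SharePoint", "Operation": "FileAccessed", "SourceFileName": "Q2-plan.docx"},
    {"CreationTime": "2024-05-06T09:05:40", "UserId": "ana@example.com",
     "Workload": "SharePoint", "Operation": "FileModified", "SourceFileName": "Q2-plan.docx"},
    {"CreationTime": "2024-05-06T09:31:02", "UserId": "ana@example.com",
     "Workload": "SharePoint", "Operation": "FileModified", "SourceFileName": "Q2-plan.docx"},
    {"CreationTime": "2024-05-06T10:14:55", "UserId": "ana@example.com",
     "Workload": "SharePoint", "Operation": "FileModified", "SourceFileName": "Q2-plan.docx"},
    {"CreationTime": "2024-05-06T11:00:00", "UserId": "ana@example.com",
     "Workload": "OneDrive", "Operation": "FileDownloaded", "SourceFileName": "budget.xlsx"},
    {"CreationTime": "2024-05-06T09:10:00", "UserId": "ben@example.com",
     "Workload": "SharePoint", "Operation": "FileAccessed", "SourceFileName": "Q2-plan.docx"},
]


def compact(events):
    """Collapse repeated events on the same file into one block.

    Assumption: the grouping key is (user, location, file name, day) and a
    block runs from the first to the last interaction in that group.
    """
    groups = defaultdict(list)
    for ev in events:
        ts = datetime.fromisoformat(ev["CreationTime"])
        key = (ev["UserId"], ev["Workload"], ev["SourceFileName"], ts.date())
        groups[key].append((ts, ev["Operation"]))

    blocks = []
    for (user, location, name, _day), items in groups.items():
        items.sort()  # order by timestamp so first/last are well defined
        blocks.append({
            "user": user, "location": location, "file": name,
            "start": items[0][0], "end": items[-1][0],
            "events": len(items),  # raw event count hidden by the block
            "operations": sorted({op for _, op in items}),
        })
    return sorted(blocks, key=lambda b: (b["user"], b["start"]))


if __name__ == "__main__":
    for block in compact(SAMPLE_EVENTS):
        print(block["user"], block["file"], block["start"].time(),
              block["end"].time(), block["events"], block["operations"])
```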
Data Notes
OneDrive and SharePoint activity depends on the Unified Audit Log being active. If audit logging was recently enabled, allow several hours for Microsoft to begin producing file events. Activity is available only from the moment the Microsoft 365 integration is connected. WorkSights does not distinguish which users were collaborating on a file at the same time.
Troubleshooting
If OneDrive and SharePoint activity is not appearing as expected:
- Confirm audit logging is active for your tenant. File activity requires the Unified Audit Log. See Microsoft 365 Audit Log Activation.
- Confirm the affected user is mapped in WorkSights.
- Some tenants begin producing file audit output later than others after enabling ingestion. Allow additional propagation time if file events are missing after audit logging is confirmed active.
- Compaction of repeated editing events happens during nightly processing. Raw event volume during the day may look different from the consolidated view the following morning.
- For persistent issues, contact support via the in-app chat.