Audit Logging
Track every governance action with a complete audit trail. Policy changes, automation executions, approval decisions, and configuration updates are all recorded and can be exported as CSV or streamed to a SIEM.
Audit Logging captures every action taken on the Rencore platform: policy changes, automation executions, approval decisions, configuration updates, RBAC modifications, and user activity. Each log entry includes timestamp, actor identity, target object, before-state, and after-state where applicable. Entries can be exported as CSV or streamed continuously to a SIEM. Audit logs are required evidence for SOC 2 CC7.2, ISO 27001 A.12.4, and every major audit framework.
What gets logged
Three categories: platform configuration (policy changes, automation edits, dashboard modifications, RBAC updates), governance actions (automation runs, approval decisions, access review outcomes, remediation executions), and user activity (logins, dashboard views, exports). All three feed the same audit pipeline and are exported through the same interface.
Each log entry contains: timestamp (with timezone), actor identity (resolved to Entra ID where possible), action type, target object, before/after state where applicable, source IP, and correlation ID for related events. The schema is consistent across action types so downstream parsing is uniform.
Tamper resistance
Audit log entries are append-only: the API does not expose edit or delete operations for log entries, even to platform administrators. This is the foundational property that makes the log usable as compliance evidence: an auditor needs to know that what they see is what actually happened.
For organizations with strict integrity requirements, the audit log can be streamed continuously to an external SIEM or log management system, creating an off-platform copy that further reduces the risk of in-platform tampering.
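The off-platform copy is only useful if someone compares it with the platform's own record. The following is an added example, not Rencore code: it reconciles a CSV export against a SIEM copy held as JSON lines. The column names, both file formats, and the sample entries are assumptions constructed from the field list above.

```python
import csv, hashlib, io, json
from collections import Counter
from datetime import datetime, timezone

# Hypothetical column names modelled on the fields the page lists.
FIELDS = ["timestamp", "actor", "action_type", "target", "before_state",
          "after_state", "source_ip", "correlation_id"]

# Constructed sample data: platform CSV export and the SIEM copy (JSON lines).
PLATFORM_CSV = """\
timestamp,actor,action_type,target,before_state,after_state,source_ip,correlation_id
2024-05-01T10:00:00+02:00,alice@example.com,policy.update,policy-17,enabled,disabled,192.0.2.10,c-001
2024-05-01T10:05:00+02:00,bob@example.com,approval.decision,request-42,pending,approved,192.0.2.11,c-002
"""
SIEM_JSONL = "\n".join(json.dumps(dict(zip(FIELDS, row))) for row in [
    ("2024-05-01T08:00:00+00:00", "alice@example.com", "policy.update",
     "policy-17", "enabled", "disabled", "192.0.2.10", "c-001"),
    ("2024-05-01T08:05:00+00:00", "bob@example.com", "approval.decision",
     "request-42", "pending", "rejected", "192.0.2.11", "c-002"),
    ("2024-05-01T08:09:00+00:00", "bob@example.com", "rbac.update",
     "role-admins", "3 members", "4 members", "192.0.2.11", "c-003"),
])

def fingerprint(entry):
    """SHA-256 of one entry in canonical form (timestamp normalised to UTC)."""
    ts = datetime.fromisoformat(entry["timestamp"])
    if ts.tzinfo is None:
        raise ValueError(f"timestamp lacks a timezone: {entry['timestamp']}")
    values = [ts.astimezone(timezone.utc).isoformat()]
    values += [entry.get(f) or "" for f in FIELDS[1:]]
    return hashlib.sha256(json.dumps(values).encode()).hexdigest()

def reconcile(platform_csv, siem_jsonl):
    """Compare both copies as multisets of fingerprints; report correlation IDs."""
    platform = list(csv.DictReader(io.StringIO(platform_csv.strip())))
    siem = [json.loads(line) for line in siem_jsonl.splitlines() if line.strip()]
    p = Counter(map(fingerprint, platform))
    s = Counter(map(fingerprint, siem))
    ids = {fingerprint(e): e["correlation_id"] for e in platform + siem}
    return {
        # Streamed earlier but absent or different on the platform now.
        "missing_from_platform": sorted(ids[h] for h in s - p),
        # On the platform but never seen by the SIEM (stream gap or late insert).
        "missing_from_siem": sorted(ids[h] for h in p - s),
    }

if __name__ == "__main__":
    print(reconcile(PLATFORM_CSV, SIEM_JSONL))
```

A correlation ID that appears in both lists marks an entry whose content differs between the two copies; an ID that appears only in missing_from_platform marks an entry that was streamed but is no longer in the platform export.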
Retention
Retention is configurable per log category, typically 1-7 years to align with regulation. Logs older than the retention period are archived (compressed, exportable) and eventually purged. The retention policy itself is logged, so changes to retention are auditable.