@Petri Helin I think you'll probably need an Activity Policy for this. You can create an Activity Policy to match anything in the "Activity Object" field of the Activity Log entry. If the specific property you're interested in auditing isn't listed there, you can create a Service Ticket with Support to add any of the "Raw Data" fields we pull from O365. But it sounds like the specific property you're after isn't audited at all by SPO so I doubt you will find it in the Raw Data field of the Activity Log entry. I think you'll want to petition SPO to start auditing for the API Object and then MCAS to start calling for it - but I'm not entirely sure, frankly. Definitely wouldn't be a Session Policy (CAAC) and I couldn't find anything seemingly relevant for a File Policy.