![]() This is because the underlying cmdlet used to search the audit log is an Exchange Online cmdlet. You have to assign the permissions in Exchange Online. If you assign a user the View-Only Audit Logs or Audit Logs role on the Permissions page in the compliance portal, they won't be able to search the audit log. For more information, see Manage role groups in Exchange Online. To give a user the ability to search the audit log with the minimum level of privileges, you can create a custom role group in Exchange Online, add the View-Only Audit Logs or Audit Logs role, and then add the user as a member of the new role group. Global administrators in Office 365 and Microsoft 365 are automatically added as members of the Organization Management role group in Exchange Online. ![]() By default, these roles are assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center. You have to be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to search the audit log. Although the Get-AdminAuditLogConfig cmdlet is also available in Security & Compliance PowerShell, the UnifiedAuditLogIngestionEnabled property is always False, even when audit log search is turned on. For more information, see Turn audit log search on or off.īe sure to run the previous command in Exchange Online PowerShell. The value of True for the UnifiedAuditLogIngestionEnabled property indicates that audit log search is turned on. To verify that audit log search is turned on, you can run the following command in Exchange Online PowerShell: Get-AdminAuditLogConfig | Format-List UnifiedAuditLogIngestionEnabled Use a PowerShell script to search the audit logīe sure to review the following items before you start searching the audit log.Īudit log search is turned on by default for Microsoft 365 and Office 365 enterprise organizations.For a more complete list of auditing record types, see Office 365 Management Activity API schema.įor more information about using PowerShell to search the audit log, see: Some services have multiple record types for different types of activities within the same service. The previous table also identifies the record type value to use to search the audit log for activities in the corresponding service using the Search-UnifiedAuditLog cmdlet in Exchange Online PowerShell or by using a PowerShell script. ![]() ThreatIntelligence, ThreatIntelligenceUrl, ThreatFinder, ThreatIntelligenceAtpContentĭataShareCreated, DataShareDeleted, GenerateCopyOfLakeData, DownloadCopyOfLakeDataįor more information about the operations that are audited in each of the services listed in the previous table, see the Audit log activities article. SharePoint, SharePointFileOperation,SharePointSharingOperation, SharePointListOperation, SharePointCommentOperation MIPLabel, SensitivityLabelAction, SensitivityLabeledFileAction, SensitivityLabelPolicyMatch MIPLabel, MipAutoLabelExchangeItem, MipAutoLabelSharePointItem, MipAutoLabelSharePointPolicyLocation Microsoft Purview Information Protection (MIP) labels Microsoft 365 service or featureĪzureActiveDirectory, AzureActiveDirectoryAccountLogon, AzureActiveDirectoryStsLogonĪipDiscover, AipSensitivityLabelAction, AipProtectionAction, AipFileDeleted, AipHeartBeatĬomplianceDLPSharePoint, ComplianceDLPExchange, DLPEndpointĮxchangeAdmin, ExchangeItem, ExchangeItemAggregatedĪirInvestigation, AirManualInvestigation, AirAdminActionInvestigation, MS365DCustomDetection ![]() The following table lists the Microsoft 365 services and features that are supported by the unified audit log. Why a unified audit log? Because you can search the audit log for activities performed in different Microsoft 365 services. Microsoft 365 services that support auditing Learn details about signing up and trial terms. Start now at the Microsoft Purview compliance portal trials hub. Use the 90-day Purview solutions trial to explore how robust Purview capabilities can help your organization manage data security and compliance needs. If you're not an E5 customer, you can try all the premium features in Microsoft Purview for free.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |