- An error has occurred, which probably means the feed is down. Try again later.
New Exchange and SharePoint Logs for Microsoft Purview Audit Standard Users – Future Release (September 2024)
Microsoft Purview, a family of data governance, risk, and compliance solutions, is introducing new features to enhance its visibility and control over cloud security activity events for Microsoft Exchange and SharePoint. These events are generated by the Purview Audit service, which monitors and records user and system actions across various Microsoft 365 workloads.
Previously, Purview Audit offered two types of licenses: Audit Standard and Audit Premium. Audit Standard provided basic auditing capabilities for common events, while Audit Premium offered advanced auditing features for more granular and sensitive events. However, some customers requested access to certain events that were only available for Audit Premium users, even though they did not need the full functionality of the premium license.
To address this feedback, Purview Audit is expanding its event coverage for Audit Standard users by adding four new events that were previously exclusive to Audit Premium users. These events are related to Microsoft Exchange and SharePoint activities, and they are:
- MailItemsAccessed: This event occurs when a user or a delegate accesses one or more mail items in a mailbox. This event can help detect unauthorized or suspicious access to email messages.
- Send: This event occurs when a user sends an email message from their mailbox or on behalf of another user. This event can help track the source and destination of email communications.
- SearchQueryInitiatedExchange: This event occurs when a user performs a search query in Exchange Online. This event can help monitor the search activities and keywords used by users.
- SearchQueryInitiatedSharepoint: This event occurs when a user performs a search query in SharePoint Online.
These events will now be available for all Audit Standard users, regardless of their license type. This means that customers who only have an Audit Standard license will be able to access these events without upgrading to an Audit Premium license. However, customers who have an Audit Premium license will still enjoy some additional benefits over Audit Standard users.
One of these benefits is the ability to access more metadata fields for certain events. For example, for the MailItemsAccessed event, Audit Premium users will be able to see the SensitivityLabel field, which indicates the sensitivity level of the mail item that was accessed. This field can help identify and protect sensitive or confidential information in email messages.
Another benefit is the ability to access more events that are not available for Audit Standard users. For example, Audit Premium users can access events related to eDiscovery activities, such as eDiscoveryCaseCreated, eDiscoveryCaseUpdated, eDiscoveryHoldApplied, and eDiscoverySearchStarted. These events can help track and audit the legal discovery processes and actions performed by users.
By expanding its event coverage for Audit Standard users, Purview Audit aims to provide more flexibility and value for its customers who want to gain more visibility and control over their cloud security activity events for Microsoft Exchange and SharePoint. Customers can choose the license type that best suits their needs and budget, while still enjoying the benefits of Purview Audit’s comprehensive and integrated auditing capabilities.