Posts Tagged ‘audit’
New Exchange and SharePoint Logs for Microsoft Purview Audit Standard Users – Future Release (September 2024)
Microsoft Purview, a family of data governance, risk, and compliance solutions, is introducing new features to enhance its visibility and control over cloud security activity events for Microsoft Exchange and SharePoint. These events are generated by the Purview Audit service, which monitors and records user and system actions across various Microsoft 365 workloads.
Previously, Purview Audit offered two types of licenses: Audit Standard and Audit Premium. Audit Standard provided basic auditing capabilities for common events, while Audit Premium offered advanced auditing features for more granular and sensitive events. However, some customers requested access to certain events that were only available for Audit Premium users, even though they did not need the full functionality of the premium license.
To address this feedback, Purview Audit is expanding its event coverage for Audit Standard users by adding four new events that were previously exclusive to Audit Premium users. These events are related to Microsoft Exchange and SharePoint activities, and they are:
- MailItemsAccessed: This event occurs when a user or a delegate accesses one or more mail items in a mailbox. This event can help detect unauthorized or suspicious access to email messages.
- Send: This event occurs when a user sends an email message from their mailbox or on behalf of another user. This event can help track the source and destination of email communications.
- SearchQueryInitiatedExchange: This event occurs when a user performs a search query in Exchange Online. This event can help monitor the search activities and keywords used by users.
- SearchQueryInitiatedSharepoint: This event occurs when a user performs a search query in SharePoint Online.
These events will now be available for all Audit Standard users, regardless of their license type.
This implies that clients with only an Audit Standard license can attend these events without needing to upgrade to an Audit Premium license.
Nevertheless, clients holding an Audit Premium license will still receive added advantages over Audit Standard users.
One of these perks is the capability to access a greater number of metadata fields for specific events.
For instance, for the MailItemsAccessed event, Audit Premium users will have visibility into the SensitivityLabel field, indicating the sensitivity level of the accessed mail item.
This feature aids in identifying and safeguarding sensitive or confidential information in email messages.
Another benefit includes access to additional events not accessible to Audit Standard users.
For instance, Audit Premium users can monitor events connected to eDiscovery activities, such as eDiscoveryCaseCreated, eDiscoveryCaseUpdated, eDiscoveryHoldApplied, and eDiscoverySearchStarted.
These events assist in tracking and auditing the legal discovery procedures and activities carried out by users.
By broadening its event coverage for Audit Standard users, Purview Audit seeks to offer more flexibility and value to its clients seeking increased visibility and control over their cloud security activity events for Microsoft Exchange and SharePoint.
By expanding its event coverage for Audit Standard users, Purview Audit aims to provide more flexibility and value for its customers who want to gain more visibility and control over their cloud security activity events for Microsoft Exchange and SharePoint. Customers can choose the license type that best suits their needs and budget, while still enjoying the benefits of Purview Audit’s comprehensive and integrated auditing capabilities.
Enable Auditing on SharePoint 2010 \ 2013
In this article I have covered steps to enable Auditing on SharePoint 2013 \ 2010 to monitor activity on site.
Steps to Auditing on SharePoint 2013 and SharePoint 2010 are same as shown below:
Click on Site Settings Icon on Right hand top corner of screen and select Site Settings
Under Site collection Administration, you should see Site Collection Audit Settings and Audit Log reports. You need to click on site collection audit settings to enable auditing and then select Audit Log reports to view the reports
Now select Yes, and select below check boxes to enable logging on specific actions
To View Audit logs you need to select Audit Log reports under Site collection Administration.
Note: Auditing some time cause performance issues. Enable it only on required cases or if your system has enough resources to handle it.