check before: 2025-08-01
Product:
Purview, Purview Communication Compliance, Purview compliance portal
Platform:
US Instances, Web, World tenant
Status:
Launched
Change type:
Links:
Details:
To improve clarity and transparency, we’re updating the audit data for events related to Microsoft Purview role group membership changes. This update affects audit events under the SecurityComplianceRBAC workload (RecordType 87), specifically for operations for GrantPermission, DeletePermission. While the audit schema remains unchanged, the PreExecutionMessage and PostExecutionMessage fields will be refined to better reflect the nature of the changes captured in the logs. Action Required: If your organization consumes these audit log events programmatically (e.g., via scripts or automation tools), please review and update your parsing logic to accommodate the enhanced message content. Rollout Timeline: This change will be rolled out starting in August. We recommend validating your systems against the updated message format as soon as it becomes available in your environment.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability
Created:
2025-05-21
updated:
2026-01-21
Public Preview Start Date
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Audit Log Changes
Changes to the audit log format may lead to misinterpretation of role group membership changes if parsing logic is not updated, potentially causing compliance issues.
- roles: Compliance Officer, IT Administrator
- references: https://techcommunity.microsoft.com/t5/security-compliance-identity/microsoft-purview-compliance-portal-upcoming-update-to-audit/ba-p/3851230
Automation Tool Failures
Existing automation tools that rely on the current audit log format may fail to function correctly, leading to disruptions in monitoring and reporting processes.
- roles: DevOps Engineer, IT Administrator
- references: https://techcommunity.microsoft.com/t5/security-compliance-identity/microsoft-purview-compliance-portal-upcoming-update-to-audit/ba-p/3851230
Configutation Options**
XXXXXXX ... paid membership only
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
Microsoft is making some updates to how changes in role group memberships are recorded in the Microsoft Purview compliance portal. Think of this like updating the way a security guard logs who enters and exits a building. Previously, the log might have simply noted "someone entered" or "someone left." Now, the log will provide more detailed information about these actions, making it clearer who did what and when.
For those who use automated systems or scripts to track these logs, it's like updating your translation software to understand a new dialect. The core language (or schema) remains the same, but the nuances in how actions are described will be clearer. If your systems are set up to read these logs automatically, you'll need to tweak them a bit to understand the new, more detailed entries.
The changes will start rolling out in August, so it's a good idea to test your systems with the new format as soon as it becomes available. This way, you can ensure everything continues to run smoothly without missing any important details.
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2026-01-21 | RM Product Tags | Microsoft Purview compliance portal | Microsoft Purview |
| 2025-11-17 | RM Status | In development | Launched |
Last updated 4 weeks ago ago
