MC955752 – (Updated) Change in behavior of the HighCompleteness parameter in the Search-UnifiedAuditLog cmdlet (archived)

check before: 2025-01-31

Product:

Exchange, Microsoft Graph, Purview Communication Compliance

Platform:

Developer, Online, US Instances, World tenant

Status:

Change type:

Admin impact, Feature update, Updated message

Links:

Details:

Summary:
The HighCompleteness parameter in the Search-UnifiedAuditLog cmdlet will be permanently set to true starting late January 2025, ensuring more complete search results at the expense of longer query times. Users are advised to prepare and consider using the Audit Search Graph API.

Details:
Updated January 27, 2025: We have updated the content. Thank you for your patience.
The Search-UnifiedAuditLog cmdlet gives administrators in your organization access to critical audit log event data to gain insights and further investigate user activities. Microsoft had introduced a new HighCompleteness parameter in this cmdlet in April 2024 that allowed customers to toggle between prioritizing completeness of search results and performance.
We previously announced a change in the behavior of the Search-UnifiedAuditLog cmdlet, specific to the functioning of the HighCompleteness parameter. We had announced plans to deprecate support for this parameter and enforce HighCompleteness on all search queries submitted via the Search-UnifiedAuditLog cmdlet.
Several customers and partners reached out to us with concerns about the performance of the cmdlet in certain scenarios when HighCompleteness is enabled. Based on these concerns, we have decided to postpone the deprecation of the HighCompleteness parameter to a future date. This postponement will allow us to address these concerns before making any lasting changes in the behavior of the cmdlet, and to minimize any impact on customers relying on this cmdlet.
To search the audit log programmatically, you could also consider using our new Audit Search Graph API for programmatic access to audit logs.
Learn more about Purview Audit: Learn about auditing solutions in Microsoft Purview | Microsoft Learn
Learn more about the Search-UnifiedAuditLog cmdlet: Search-UnifiedAuditLog (ExchangePowerShell) | Microsoft Learn

Created:
2024-12-13

Updated:
2025-01-28

Direct effects for Operations**

Performance Impact of Search Queries
With the HighCompleteness parameter set to true, search queries will take longer to execute, potentially leading to delays in obtaining critical audit log data.
   - roles: IT Administrators, Compliance Officers
   - references: https://learn.microsoft.com/en-us/powershell/module/exchange/search-unifiedauditlog?view=exchange-ps, https://learn.microsoft.com/en-us/purview/audit-solutions-overview

User Experience Degradation
Users relying on timely access to audit logs may experience frustration and decreased productivity due to longer wait times for search results.
   - roles: End Users, IT Support Staff
   - references: https://learn.microsoft.com/en-us/powershell/module/exchange/search-unifiedauditlog?view=exchange-ps, https://learn.microsoft.com/en-us/purview/audit-solutions-overview

Increased Load on IT Resources
The longer query times may lead to increased load on IT infrastructure, potentially affecting other services and applications that rely on the same resources.
   - roles: System Administrators, Network Engineers
   - references: https://learn.microsoft.com/en-us/powershell/module/exchange/search-unifiedauditlog?view=exchange-ps, https://learn.microsoft.com/en-us/purview/audit-solutions-overview

Opportunities**

Transition to Audit Search Graph API
With the change in the HighCompleteness parameter, transitioning to the Audit Search Graph API can enhance performance and provide more flexibility in querying audit logs. This API is designed for programmatic access and can streamline the process of obtaining necessary audit information, potentially improving user experience for IT administrators.
   - next-steps: 1. Conduct a training session for IT staff on the usage of the Audit Search Graph API. 2. Develop a migration plan for current cmdlet users to transition to the API. 3. Monitor performance metrics post-transition to ensure improvements are realized.
   - roles: IT Administrators, Compliance Officers
   - references: https://learn.microsoft.com/en-us/purview/audit-solutions-overview, https://learn.microsoft.com/en-us/powershell/module/exchange/search-unifiedauditlog?view=exchange-ps

Optimize Query Performance
As the HighCompleteness parameter will be set to true, longer query times may affect user experience. Identifying ways to optimize query performance, such as limiting the scope of queries or implementing caching strategies, can mitigate potential delays.
   - next-steps: 1. Analyze current query patterns and identify areas for optimization. 2. Implement caching mechanisms for frequently accessed data. 3. Test the optimized queries in a controlled environment before full deployment.
   - roles: IT Administrators, Data Analysts
   - references: https://learn.microsoft.com/en-us/powershell/module/exchange/search-unifiedauditlog?view=exchange-ps, https://learn.microsoft.com/en-us/purview/audit-solutions-overview

Enhanced User Training on New Features
With the change in cmdlet behavior, providing enhanced training for users on how to effectively utilize the new HighCompleteness parameter and the Audit Search Graph API can improve overall user experience and compliance with audit requirements.
   - next-steps: 1. Develop comprehensive training materials focusing on the new features. 2. Schedule regular training sessions for end-users and administrators. 3. Gather feedback from users to continuously improve training content.
   - roles: IT Trainers, Compliance Officers, End Users
   - references: https://learn.microsoft.com/en-us/purview/audit-solutions-overview, https://learn.microsoft.com/en-us/powershell/module/exchange/search-unifiedauditlog?view=exchange-ps

** AI generated content. This information must be reviewed before use.

change history

Date | Property | old | new
2025-01-28 | MC prepare | You could also consider using our new Audit Search Graph API for programmatic access to audit logs. This API is now Generally Available to all our Worldwide and Gov customers.
Learn more about Purview Audit: Learn about auditing solutions in Microsoft Purview | Microsoft Learn
Learn more about the Search-UnifiedAuditLog cmdlet: Search-UnifiedAuditLog (ExchangePowerShell) | Microsoft Learn
https://learn.microsoft.com/graph/api/resources/security-auditlogquery?view=graph-rest-beta
https://learn.microsoft.com/powershell/module/exchange/search-unifiedauditlog?view=exchange-ps
https://learn.microsoft.com/powershell/module/exchange/search-unifiedauditlog?view=exchange-ps#-highcompleteness
https://learn.microsoft.com/purview/audit-solutions-overview
https://learn.microsoft.com/en-us/powershell/module/exchange/search-unifiedauditlog?view=exchange-ps
https://learn.microsoft.com/en-us/powershell/module/exchange/search-unifiedauditlog?view=exchange-ps#-highcompleteness
https://learn.microsoft.com/en-us/purview/audit-solutions-overview
2025-01-28 | MC MessageTagNames | Feature update, Admin impact | Updated message, Feature update, Admin impact
2025-01-28 | MC Last Updated | 12/13/2024 00:26:28 | 2025-01-27T16:34:33Z
2025-01-28 | MC Messages | The Search-UnifiedAuditLog cmdlet gives administrators in your organization access to critical audit log event data to gain insights and further investigate user activities. Microsoft had introduced a new HighCompleteness parameter in this cmdlet in April 2024 that allowed customers to toggle between prioritizing completeness of search results and performance. When the HighCompleteness parameter is set to true, the search query returns a more complete set of search results, but the query may take a longer time to finish. When set to false, the query runs faster but only returns a subset of results. We recommended setting the parameter to true in scenarios where a complete list of search results was required.
To improve our customers' visibility into their security logging and reduce instances of customers missing out on important audit records in their search results, we are now changing the behavior of the HighCompleteness parameter. Previously, customers could toggle the parameter between true or false. With this change, the HighCompleteness parameter will always be set to true.
[When this will happen:]
General Availability (Worldwide, GCC, GCC-High, DoD): Starting late January 2025, for all search queries submitted via the Search-UnifiedAuditLog cmdlet, the value of the HighCompleteness parameter will be set to true.
| Updated January 27, 2025: We have updated the content. Thank you for your patience.
The Search-UnifiedAuditLog cmdlet gives administrators in your organization access to critical audit log event data to gain insights and further investigate user activities. Microsoft had introduced a new HighCompleteness parameter in this cmdlet in April 2024 that allowed customers to toggle between prioritizing completeness of search results and performance.
We previously announced a change in the behavior of the Search-UnifiedAuditLog cmdlet, specific to the functioning of the HighCompleteness parameter. We had announced plans to deprecate support for this parameter and enforce HighCompleteness on all search queries submitted via the Search-UnifiedAuditLog cmdlet.
Several customers and partners reached out to us with concerns about the performance of the cmdlet in certain scenarios when HighCompleteness is enabled. Based on these concerns, we have decided to postpone the deprecation of the HighCompleteness parameter to a future date. This postponement will allow us to address these concerns before making any lasting changes in the behavior of the cmdlet, and to minimize any impact on customers relying on this cmdlet.
To search the audit log programmatically, you could also consider using our new Audit Search Graph API for programmatic access to audit logs.
Learn more about Purview Audit: Learn about auditing solutions in Microsoft Purview | Microsoft Learn
Learn more about the Search-UnifiedAuditLog cmdlet: Search-UnifiedAuditLog (ExchangePowerShell) | Microsoft Learn
2025-01-28 | MC Title | Change in behavior of the HighCompleteness parameter in the Search-UnifiedAuditLog cmdlet | (Updated) Change in behavior of the HighCompleteness parameter in the Search-UnifiedAuditLog cmdlet
2025-01-28 | MC How Affect | The HighCompleteness parameter in the Search-UnifiedAuditLog cmdlet will now be set to true for all queries. With this change, the cmdlet will now prioritize completeness of search results over performance. As a result, search queries may take longer to finish. | -;
