MC789312 – (Updated) Microsoft Purview | Audit search: New filters will be available

check before: 2024-08-01

Product:

Entra, Microsoft 365 suite, Purview Communication Compliance

Platform:

Web, World tenant

Status:

In development

Change type:

Admin impact, New feature, Updated message

Links:

384092

Details:

Summary:
The message details an update to Microsoft Purview's audit search with four new filters: Id, UserType, UserKey, and ClientIP. The rollout timeline has been updated, with Public Preview starting early November 2024 and General Availability mid-November 2024. No admin action is required for the rollout.

Details:
Updated September 4, 2024: We have updated the rollout timeline below. Thank you for your patience.
In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview Compliance portal's audit search UI currently includes several search fields (i.e., date range, activities, workloads, users, etc.) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI.
These four fields are described below:
New filter field | Description
Id | Unique identifier of an audit record.
UserType | The type of user that performed the operation. See the UserType table for details on the types of users.
UserKey | Azure Active Directory Object ID in GUID format.
ClientIP | The IP address of the device that was used when the activity was logged.

This message is associated with Microsoft 365 Roadmap ID 384092.
[When this will happen:]
Public Preview: We will begin rolling out early November 2024 (previously mid-August) and expect to complete by mid-November 2024 (previously mid-September).
General Availability (Worldwide): We will begin rolling out mid-November 2024 (previously mid-September) and expect to complete by late November 2024 (previously mid-October).

Release Phase:
General Availability, Preview

Created:
2024-05-01

updated:
2024-09-06

Direct effects for Operations**

Increased Complexity in Audit Searches
The introduction of new filters may lead to confusion among users who are not familiar with the new fields, potentially resulting in inefficient searches and missed audit logs.
   - roles: Security Admin, Compliance Officer
   - references: https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal, https://www.microsoft.com/en-us/microsoft-365/roadmap?rtc=1%26filters=&searchterms=384092

Potential for Misinterpretation of Data
Users may misinterpret the new filters, leading to incorrect conclusions about user activities and compliance status, which could affect decision-making processes.
   - roles: Security Admin, Compliance Officer
   - references: https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal, https://www.microsoft.com/en-us/microsoft-365/roadmap?rtc=1%26filters=&searchterms=384092

User Training and Documentation Gaps
Without prior preparation, users may lack adequate training on the new filters, resulting in underutilization of the audit search capabilities and potential compliance risks.
   - roles: Security Admin, Compliance Officer
   - references: https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal, https://www.microsoft.com/en-us/microsoft-365/roadmap?rtc=1%26filters=&searchterms=384092

Configuration Options**

Audit Search Filters Configuration
Configure the new filters in Microsoft Purview's audit search to enhance log retrieval capabilities.
   - technical instructions: No specific technical instructions are required for enabling the new filters as they will be available automatically during the rollout.
   - references: https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal, https://www.microsoft.com/en-us/microsoft-365/roadmap?rtc=1%26filters=&searchterms=384092

UserType Identification
Utilize the UserType filter to identify the type of user performing operations in the audit logs.
   - technical instructions: Refer to the UserType table in Microsoft documentation for details on user types.
   - references: https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal

ClientIP Tracking
Track the IP address of devices used during logged activities using the ClientIP filter.
   - technical instructions: Access the audit logs and apply the ClientIP filter to view relevant entries.
   - references: https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal

** AI generated content. This information must be reviewed before use.

change history

Date | Property | old | new
2024-09-06 | MC Messages
old:
Updated September 4, 2024: We have updated the rollout timeline below. Thank you for your patience.
In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview Compliance portal's audit search UI currently includes several search fields (i.e., date range, activities, workloads, users, etc.) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI.
These four fields are described below:
New filter field | Description
Id | Unique identifier of an audit record.
UserType | The type of user that performed the operation. See the UserType table for details on the types of users.
UserKey | Azure Active Directory Object ID in GUID format.
ClientIP | The IP address of the device that was used when the activity was logged.

This message is associated with Microsoft 365 Roadmap ID 384092.
[When this will happen:]
Public Preview: We will begin rolling out early November 2024 (previously mid-August) and expect to complete by early December 2024 (previously mid-September).
General Availability (Worldwide): We will begin rolling out mid-November 2024 (previously mid-September) and expect to complete by mid-December 2024 (previously mid-October).
new:
Updated September 4, 2024: We have updated the rollout timeline below. Thank you for your patience.
In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview Compliance portal's audit search UI currently includes several search fields (i.e., date range, activities, workloads, users, etc.) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI.
These four fields are described below:
New filter field | Description
Id | Unique identifier of an audit record.
UserType | The type of user that performed the operation. See the UserType table for details on the types of users.
UserKey | Azure Active Directory Object ID in GUID format.
ClientIP | The IP address of the device that was used when the activity was logged.

This message is associated with Microsoft 365 Roadmap ID 384092.
[When this will happen:]
Public Preview: We will begin rolling out early November 2024 (previously mid-August) and expect to complete by mid-November 2024 (previously mid-September).
General Availability (Worldwide): We will begin rolling out mid-November 2024 (previously mid-September) and expect to complete by late November 2024 (previously mid-October).
2024-09-06 | MC Last Updated | old: 09/04/2024 23:56:37 | new: 2024-09-06T01:00:10Z
2024-09-06 | MC Summary
old: Microsoft Purview's audit search will have four new filter fields: Id, UserType, UserKey, and ClientIP. The rollout timeline has been updated, with Public Preview starting early November 2024 and General Availability mid-November 2024. No admin action is required before the rollout.
new: The message details an update to Microsoft Purview's audit search with four new filters: Id, UserType, UserKey, and ClientIP. The rollout timeline has been updated, with Public Preview starting early November 2024 and General Availability mid-November 2024. No admin action is required for the rollout.
2024-09-05 | MC Last Updated | old: 07/10/2024 16:00:12 | new: 2024-09-04T23:56:37Z
2024-09-05 | MC Messages
old:
Updated July 10, 2024: We have updated the rollout timeline below. Thank you for your patience.
In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview Compliance portal's audit search UI currently includes several search fields (i.e., date range, activities, workloads, users, etc.) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI.
These four fields are described below:
New filter field | Description
Id | Unique identifier of an audit record.
UserType | The type of user that performed the operation. See the UserType table for details on the types of users.
UserKey | Azure Active Directory Object ID in GUID format.
ClientIP | The IP address of the device that was used when the activity was logged.

This message is associated with Microsoft 365 Roadmap ID 384092.
[When this will happen:]
Public Preview: We will begin rolling out mid-August 2024 (previously early July) and expect to complete by mid-September 2024 (previously late July).
General Availability (Worldwide): We will begin rolling out mid-September 2024 (previously late July) and expect to complete by mid-October 2024 (previously late August).
new:
Updated September 4, 2024: We have updated the rollout timeline below. Thank you for your patience.
In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview Compliance portal's audit search UI currently includes several search fields (i.e., date range, activities, workloads, users, etc.) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI.
These four fields are described below:
New filter field | Description
Id | Unique identifier of an audit record.
UserType | The type of user that performed the operation. See the UserType table for details on the types of users.
UserKey | Azure Active Directory Object ID in GUID format.
ClientIP | The IP address of the device that was used when the activity was logged.

This message is associated with Microsoft 365 Roadmap ID 384092.
[When this will happen:]
Public Preview: We will begin rolling out early November 2024 (previously mid-August) and expect to complete by early December 2024 (previously mid-September).
General Availability (Worldwide): We will begin rolling out mid-November 2024 (previously mid-September) and expect to complete by mid-December 2024 (previously mid-October).
2024-09-05 | MC End Time | old: 11/18/2024 08:00:00 | new: 2025-01-27T08:00:00Z
2024-09-05 | MC Summary
old: Microsoft Purview's audit search is adding four new filters: Id, UserType, UserKey, and ClientIP. These will help organizations better investigate user activities. The update is part of Microsoft 365 Roadmap ID 384092, with a Public Preview in mid-August 2024 and full rollout by mid-October 2024. No admin action is required before the rollout.
new: Microsoft Purview's audit search will have four new filter fields: Id, UserType, UserKey, and ClientIP. The rollout timeline has been updated, with Public Preview starting early November 2024 and General Availability mid-November 2024. No admin action is required before the rollout.
2024-07-11 | MC Last Updated | old: 06/14/2024 00:08:50 | new: 2024-07-10T16:00:12Z
2024-07-11 | MC Messages
old:
Updated June 13, 2024: We have updated the rollout timeline below. Thank you for your patience.
In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview Compliance portal’s audit search UI currently includes several search fields (i.e., date range, activities, workloads, users, etc.) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI.
These four fields are described below:
New filter field | Description
Id | Unique identifier of an audit record.
UserType | The type of user that performed the operation. See the UserType table for details on the types of users.
UserKey | Azure Active Directory Object ID in GUID format.
ClientIP | The IP address of the device that was used when the activity was logged.

This message is associated with Microsoft 365 Roadmap ID 384092.
[When this will happen:]
Public Preview: We will begin rolling out early July 2024 (previously late May) and expect to complete by late July 2024 (previously mid-June).
General Availability (Worldwide): We will begin rolling out late July 2024 (previously mid-June) and expect to complete by late August 2024 (previously late June).
new:
Updated July 10, 2024: We have updated the rollout timeline below. Thank you for your patience.
In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview Compliance portal’s audit search UI currently includes several search fields (i.e., date range, activities, workloads, users, etc.) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI.
These four fields are described below:
New filter field | Description
Id | Unique identifier of an audit record.
UserType | The type of user that performed the operation. See the UserType table for details on the types of users.
UserKey | Azure Active Directory Object ID in GUID format.
ClientIP | The IP address of the device that was used when the activity was logged.

This message is associated with Microsoft 365 Roadmap ID 384092.
[When this will happen:]
Public Preview: We will begin rolling out mid-August 2024 (previously early July) and expect to complete by mid-September 2024 (previously late July).
General Availability (Worldwide): We will begin rolling out mid-September 2024 (previously late July) and expect to complete by mid-October 2024 (previously late August).
2024-07-11 | MC End Time | old: 09/30/2024 09:00:00 | new: 2024-11-18T08:00:00Z
2024-07-11 | MC Summary
old: Microsoft Purview's audit search is adding four new filters: Id, UserType, UserKey, and ClientIP. These will help organizations better investigate user activities. The update is part of Microsoft 365 Roadmap ID 384092, with a Public Preview in early July 2024 and full rollout by late July 2024. No admin action is required before the rollout.
new: Microsoft Purview's audit search is adding four new filters: Id, UserType, UserKey, and ClientIP. These will help organizations better investigate user activities. The update is part of Microsoft 365 Roadmap ID 384092, with a Public Preview in mid-August 2024 and full rollout by mid-October 2024. No admin action is required before the rollout.
2024-06-14 | MC MessageTagNames | old: New feature, Admin impact | new: Updated message, New feature, Admin impact
2024-06-14 | MC Summary
old: Microsoft Purview's audit search is adding four new filters: Id, UserType, UserKey, and ClientIP. These will help organizations better investigate user activities. The update is part of Microsoft 365 Roadmap ID 384092, with a Public Preview in late May 2024 and full rollout by late June 2024. No admin action is required before the rollout.
new: Microsoft Purview's audit search is adding four new filters: Id, UserType, UserKey, and ClientIP. These will help organizations better investigate user activities. The update is part of Microsoft 365 Roadmap ID 384092, with a Public Preview in early July 2024 and full rollout by late July 2024. No admin action is required before the rollout.
2024-06-14 | MC Last Updated | old: 05/01/2024 01:45:02 | new: 2024-06-14T00:08:50Z
2024-06-14 | MC Messages
old:
In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview Compliance portal’s audit search UI currently includes several search fields (i.e., date range, activities, workloads, users, etc.) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI.
These four fields are described below:
New filter field | Description
Id | Unique identifier of an audit record.
UserType | The type of user that performed the operation. See the UserType table for details on the types of users.
UserKey | Azure Active Directory Object ID in GUID format.
ClientIP | The IP address of the device that was used when the activity was logged.

This message is associated with Microsoft 365 Roadmap ID 384092.
[When this will happen:]
Public Preview: We will begin rolling out late May 2024 and expect to complete by mid-June 2024.
General Availability (Worldwide): We will begin rolling out mid-June 2024 and expect to complete by late June 2024.
new:
Updated June 13, 2024: We have updated the rollout timeline below. Thank you for your patience.
In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview Compliance portal’s audit search UI currently includes several search fields (i.e., date range, activities, workloads, users, etc.) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI.
These four fields are described below:
New filter field | Description
Id | Unique identifier of an audit record.
UserType | The type of user that performed the operation. See the UserType table for details on the types of users.
UserKey | Azure Active Directory Object ID in GUID format.
ClientIP | The IP address of the device that was used when the activity was logged.

This message is associated with Microsoft 365 Roadmap ID 384092.
[When this will happen:]
Public Preview: We will begin rolling out early July 2024 (previously late May) and expect to complete by late July 2024 (previously mid-June).
General Availability (Worldwide): We will begin rolling out late July 2024 (previously mid-June) and expect to complete by late August 2024 (previously late June).
2024-06-14 | MC Title
old: Microsoft Purview | Audit search: New filters will be available
new: (Updated) Microsoft Purview | Audit search: New filters will be available
2024-06-14 | MC End Time | old: 08/05/2024 09:00:00 | new: 2024-09-30T09:00:00Z

Last updated 4 weeks ago