check before: 2024-08-01
Product:
Entra, Microsoft 365 suite, Purview Communication Compliance
Platform:
Web, World tenant
Status:
In development
Change type:
Admin impact, New feature, Updated message
Links:
Details:
Summary:
The message details an update to Microsoft Purview's audit search with four new filters: Id, UserType, UserKey, and ClientIP. The rollout timeline has been updated, with Public Preview starting early November 2024 and General Availability mid-November 2024. No admin action is required for the rollout.
Details:
Updated September 4, 2024: We have updated the rollout timeline below. Thank you for your patience.
In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview Compliance portal's audit search UI currently includes several search fields (i.e., date range, activities, workloads, users, etc.) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI.
These four fields are described below:
New filter fieldDescription
IdUnique identifier of an audit record.
UserTypeThe type of user that performed the operation. See the UserType table for details on the types of users.
UserKeyAzure Active Directory Object ID in GUID format.
ClientIPThe IP address of the device that was used when the activity was logged.
This message is associated with Microsoft 365 Roadmap ID 384092.
[When this will happen:]
Public Preview: We will begin rolling out early November 2024 (previously mid-August) and expect to complete by mid-November 2024 (previously mid-September).
General Availability (Worldwide): We will begin rolling out mid-November 2024 (previously mid-September) and expect to complete by late November 2024 (previously mid-October).
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability, Preview
Created:
2024-05-01
updated:
2024-09-06
Public Preview Start Date
XXXXXXX ... free basic plan only
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
explanation for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Increased Complexity in Audit Searches
The introduction of new filters may lead to confusion among users who are not familiar with the new fields, potentially resulting in inefficient searches and missed audit logs.
- roles: Security Admin, Compliance Officer
- references: https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal, https://www.microsoft.com/en-us/microsoft-365/roadmap?rtc=1%26filters=&searchterms=384092
Potential for Misinterpretation of Data
Users may misinterpret the new filters, leading to incorrect conclusions about user activities and compliance status, which could affect decision-making processes.
- roles: Security Admin, Compliance Officer
- references: https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal, https://www.microsoft.com/en-us/microsoft-365/roadmap?rtc=1%26filters=&searchterms=384092
User Training and Documentation Gaps
Without prior preparation, users may lack adequate training on the new filters, resulting in underutilization of the audit search capabilities and potential compliance risks.
- roles: Security Admin, Compliance Officer
- references: https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal, https://www.microsoft.com/en-us/microsoft-365/roadmap?rtc=1%26filters=&searchterms=384092
Configutation Options**
Audit Search Filters Configuration
Configure the new filters in Microsoft Purview's audit search to enhance log retrieval capabilities.
- technical instructions: No specific technical instructions are required for enabling the new filters as they will be available automatically during the rollout.
- references: https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal, https://www.microsoft.com/en-us/microsoft-365/roadmap?rtc=1%26filters=&searchterms=384092
UserType Identification
Utilize the UserType filter to identify the type of user performing operations in the audit logs.
- technical instructions: Refer to the UserType table in Microsoft documentation for details on user types.
- references: https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal
ClientIP Tracking
Track the IP address of devices used during logged activities using the ClientIP filter.
- technical instructions: Access the audit logs and apply the ClientIP filter to view relevant entries.
- references: https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
Hypothetical Work Council Statement**
XXXXXXX ... paid membership only
DPIA Draft**
XXXXXXX ... paid membership only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
Date | Property | old | new |
2024-09-06 | MC Messages | Updated September 4, 2024: We have updated the rollout timeline below. Thank you for your patience.
In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview Compliance portal's audit search UI currently includes several search fields (i.e., date range, activities, workloads, users, etc.) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI. These four fields are described below: New filter fieldDescription IdUnique identifier of an audit record. UserTypeThe type of user that performed the operation. See the UserType table for details on the types of users. UserKeyAzure Active Directory Object ID in GUID format. ClientIPThe IP address of the device that was used when the activity was logged. This message is associated with Microsoft 365 Roadmap ID 384092. [When this will happen:] Public Preview: We will begin rolling out early November 2024 (previously mid-August) and expect to complete by early December 2024 (previously mid-September). General Availability (Worldwide): We will begin rolling out mid-November 2024 (previously mid-September) and expect to complete by mid-December 2024 (previously mid-October). | Updated September 4, 2024: We have updated the rollout timeline below. Thank you for your patience.
In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview Compliance portal's audit search UI currently includes several search fields (i.e., date range, activities, workloads, users, etc.) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI. These four fields are described below: New filter fieldDescription IdUnique identifier of an audit record. UserTypeThe type of user that performed the operation. See the UserType table for details on the types of users. UserKeyAzure Active Directory Object ID in GUID format. ClientIPThe IP address of the device that was used when the activity was logged. This message is associated with Microsoft 365 Roadmap ID 384092. [When this will happen:] Public Preview: We will begin rolling out early November 2024 (previously mid-August) and expect to complete by mid-November 2024 (previously mid-September). General Availability (Worldwide): We will begin rolling out mid-November 2024 (previously mid-September) and expect to complete by late November 2024 (previously mid-October). |
2024-09-06 | MC Last Updated | 09/04/2024 23:56:37 | 2024-09-06T01:00:10Z |
2024-09-06 | MC Summary | Microsoft Purview's audit search will have four new filter fields: Id, UserType, UserKey, and ClientIP. The rollout timeline has been updated, with Public Preview starting early November 2024 and General Availability mid-November 2024. No admin action is required before the rollout. | The message details an update to Microsoft Purview's audit search with four new filters: Id, UserType, UserKey, and ClientIP. The rollout timeline has been updated, with Public Preview starting early November 2024 and General Availability mid-November 2024. No admin action is required for the rollout. |
2024-09-05 | MC Last Updated | 07/10/2024 16:00:12 | 2024-09-04T23:56:37Z |
2024-09-05 | MC Messages | Updated July 10, 2024: We have updated the rollout timeline below. Thank you for your patience.
In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview Compliance portal's audit search UI currently includes several search fields (i.e., date range, activities, workloads, users, etc.) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI. These four fields are described below: New filter fieldDescription IdUnique identifier of an audit record. UserTypeThe type of user that performed the operation. See the UserType table for details on the types of users. UserKeyAzure Active Directory Object ID in GUID format. ClientIPThe IP address of the device that was used when the activity was logged. This message is associated with Microsoft 365 Roadmap ID 384092. [When this will happen:] Public Preview: We will begin rolling out mid-August 2024 (previously early July) and expect to complete by mid-September 2024 (previously late July). General Availability (Worldwide): We will begin rolling out mid-September 2024 (previously late July) and expect to complete by mid-October 2024 (previously late August). | Updated September 4, 2024: We have updated the rollout timeline below. Thank you for your patience.
In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview Compliance portal's audit search UI currently includes several search fields (i.e., date range, activities, workloads, users, etc.) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI. These four fields are described below: New filter fieldDescription IdUnique identifier of an audit record. UserTypeThe type of user that performed the operation. See the UserType table for details on the types of users. UserKeyAzure Active Directory Object ID in GUID format. ClientIPThe IP address of the device that was used when the activity was logged. This message is associated with Microsoft 365 Roadmap ID 384092. [When this will happen:] Public Preview: We will begin rolling out early November 2024 (previously mid-August) and expect to complete by early December 2024 (previously mid-September). General Availability (Worldwide): We will begin rolling out mid-November 2024 (previously mid-September) and expect to complete by mid-December 2024 (previously mid-October). |
2024-09-05 | MC End Time | 11/18/2024 08:00:00 | 2025-01-27T08:00:00Z |
2024-09-05 | MC Summary | Microsoft Purview's audit search is adding four new filters: Id, UserType, UserKey, and ClientIP. These will help organizations better investigate user activities. The update is part of Microsoft 365 Roadmap ID 384092, with a Public Preview in mid-August 2024 and full rollout by mid-October 2024. No admin action is required before the rollout. | Microsoft Purview's audit search will have four new filter fields: Id, UserType, UserKey, and ClientIP. The rollout timeline has been updated, with Public Preview starting early November 2024 and General Availability mid-November 2024. No admin action is required before the rollout. |
2024-07-11 | MC Last Updated | 06/14/2024 00:08:50 | 2024-07-10T16:00:12Z |
2024-07-11 | MC Messages | Updated June 13, 2024: We have updated the rollout timeline below. Thank you for your patience.
In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview Compliance portal’s audit search UI currently includes several search fields (i.e., date range, activities, workloads, users, etc.) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI. These four fields are described below: New filter fieldDescription IdUnique identifier of an audit record. UserTypeThe type of user that performed the operation. See the UserType table for details on the types of users. UserKeyAzure Active Directory Object ID in GUID format. ClientIPThe IP address of the device that was used when the activity was logged. This message is associated with Microsoft 365 Roadmap ID 384092. [When this will happen:] Public Preview: We will begin rolling out early July 2024 (previously late May) and expect to complete by late July 2024 (previously mid-June). General Availability (Worldwide): We will begin rolling out late July 2024 (previously mid-June) and expect to complete by late August 2024 (previously late June). | Updated July 10, 2024: We have updated the rollout timeline below. Thank you for your patience.
In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview Compliance portal’s audit search UI currently includes several search fields (i.e., date range, activities, workloads, users, etc.) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI. These four fields are described below: New filter fieldDescription IdUnique identifier of an audit record. UserTypeThe type of user that performed the operation. See the UserType table for details on the types of users. UserKeyAzure Active Directory Object ID in GUID format. ClientIPThe IP address of the device that was used when the activity was logged. This message is associated with Microsoft 365 Roadmap ID 384092. [When this will happen:] Public Preview: We will begin rolling out mid-August 2024 (previously early July) and expect to complete by mid-September 2024 (previously late July). General Availability (Worldwide): We will begin rolling out mid-September 2024 (previously late July) and expect to complete by mid-October 2024 (previously late August). |
2024-07-11 | MC End Time | 09/30/2024 09:00:00 | 2024-11-18T08:00:00Z |
2024-07-11 | MC Summary | Microsoft Purview's audit search is adding four new filters: Id, UserType, UserKey, and ClientIP. These will help organizations better investigate user activities. The update is part of Microsoft 365 Roadmap ID 384092, with a Public Preview in early July 2024 and full rollout by late July 2024. No admin action is required before the rollout. | Microsoft Purview's audit search is adding four new filters: Id, UserType, UserKey, and ClientIP. These will help organizations better investigate user activities. The update is part of Microsoft 365 Roadmap ID 384092, with a Public Preview in mid-August 2024 and full rollout by mid-October 2024. No admin action is required before the rollout. |
2024-06-14 | MC MessageTagNames | New feature, Admin impact | Updated message, New feature, Admin impact |
2024-06-14 | MC Summary | Microsoft Purview's audit search is adding four new filters: Id, UserType, UserKey, and ClientIP. These will help organizations better investigate user activities. The update is part of Microsoft 365 Roadmap ID 384092, with a Public Preview in late May 2024 and full rollout by late June 2024. No admin action is required before the rollout. | Microsoft Purview's audit search is adding four new filters: Id, UserType, UserKey, and ClientIP. These will help organizations better investigate user activities. The update is part of Microsoft 365 Roadmap ID 384092, with a Public Preview in early July 2024 and full rollout by late July 2024. No admin action is required before the rollout. |
2024-06-14 | MC Last Updated | 05/01/2024 01:45:02 | 2024-06-14T00:08:50Z |
2024-06-14 | MC Messages | In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview Compliance portal’s audit search UI currently includes several search fields (i.e., date range, activities, workloads, users, etc.) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI.
These four fields are described below: New filter fieldDescription IdUnique identifier of an audit record. UserTypeThe type of user that performed the operation. See the UserType table for details on the types of users. UserKeyAzure Active Directory Object ID in GUID format. ClientIPThe IP address of the device that was used when the activity was logged. This message is associated with Microsoft 365 Roadmap ID 384092. [When this will happen:] Public Preview: We will begin rolling out late May 2024 and expect to complete by mid-June 2024. General Availability (Worldwide): We will begin rolling out mid-June 2024 and expect to complete by late June 2024. | Updated June 13, 2024: We have updated the rollout timeline below. Thank you for your patience.
In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview Compliance portal’s audit search UI currently includes several search fields (i.e., date range, activities, workloads, users, etc.) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI. These four fields are described below: New filter fieldDescription IdUnique identifier of an audit record. UserTypeThe type of user that performed the operation. See the UserType table for details on the types of users. UserKeyAzure Active Directory Object ID in GUID format. ClientIPThe IP address of the device that was used when the activity was logged. This message is associated with Microsoft 365 Roadmap ID 384092. [When this will happen:] Public Preview: We will begin rolling out early July 2024 (previously late May) and expect to complete by late July 2024 (previously mid-June). General Availability (Worldwide): We will begin rolling out late July 2024 (previously mid-June) and expect to complete by late August 2024 (previously late June). |
2024-06-14 | MC Title | Microsoft Purview | Audit search: New filters will be available | (Updated) Microsoft Purview | Audit search: New filters will be available |
2024-06-14 | MC End Time | 08/05/2024 09:00:00 | 2024-09-30T09:00:00Z |
Last updated 4 weeks ago