MC917742 – (Updated) Microsoft Viva Engage (Yammer): Enhanced audit log schema (archived)

Product:

Entra, Microsoft Viva, Microsoft Viva Engage, Purview Communication Compliance

Platform:

Online, World tenant

Status:

Change type:

Admin impact, Feature update, Updated message

Links:

Details:

Summary:
The Microsoft Viva Engage (Yammer) audit log schema will be updated to include unique identifiers for both the user performing an action and the user/object affected. New parameters and field changes will enhance transparency and tracking capabilities. Rollout will begin mid-December 2024 and complete by late December 2024.

Details:
Updated December 11, 2024: We have updated the rollout timeline below. Thank you for your patience.
Coming soon to Microsoft Viva Engage (Yammer): We will update the audit log schema to include parameters that uniquely identify both the user performing an action (actor) and the user/object affected by that action (target).
After this rollout:
The actor will be identified by their unique Microsoft Entra ID ObjectId, stored in the UserKey field.
The target will be identified by a new parameter TargetObjectId that will also store the target's Entra ID ObjectId.
To improve transparency on changes to admin roles and other key scenarios, a new ModifiedProperties parameter will capture both the old and new values of modified fields.
These new parameters will be available for users with an E3 license.
[When this will happen:]
General Availability (Worldwide): We will begin rolling out mid-December 2024 (previously late November) and expected to complete by late December 2024 (previously mid-January 2025).

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2024-10-25

updated:
2024-12-12

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Audit Log Changes
The update to the audit log schema may lead to confusion among users if they are not informed about the new parameters (UserKey and TargetObjectId) and their implications. This could result in misinterpretation of audit logs and potential compliance issues.
   - roles: Compliance Officer, IT Administrator
   - references: https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal, https://learn.microsoft.com/viva/engage/track-engage-events#view-the-audit-sign-in-the-microsoft-365-security--compliance-portal " target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/viva/engage/track-engage-events#view-the-audit-sign-in-the-microsoft-365-security--compliance-portal

Script Compatibility
Existing PowerShell scripts and custom queries that rely on the old UserKey mapping (Passport ID) will fail or return incorrect results, leading to operational disruptions and increased troubleshooting time.
   - roles: IT Administrator, DevOps Engineer
   - references: https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal, https://sip.compliance.microsoft.com/homepage

User Experience
Users may experience delays or issues in accessing audit logs if they are not aware of the changes, leading to frustration and decreased productivity as they adapt to the new schema.
   - roles: End User, Compliance Officer
   - references: https://learn.microsoft.com/viva/engage/track-engage-events#view-the-audit-sign-in-the-microsoft-365-security--compliance-portal, https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

Enhanced User Tracking and Compliance
The updated audit log schema introduces unique identifiers for users involved in actions, which will improve tracking and compliance capabilities. This transparency allows for better monitoring of user activities and changes in admin roles, which can lead to enhanced security and accountability within the organization.
   - next-steps: Train compliance and security teams on the new audit log features and how to leverage them for monitoring user activities. Update internal documentation to reflect the new parameters and their implications for tracking and compliance.
   - roles: Compliance Officer, Security Analyst, IT Administrator
   - references: https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal, https://learn.microsoft.com/viva/engage/track-engage-events#view-the-audit-sign-in-the-microsoft-365-security--compliance-portal " target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/viva/engage/track-engage-events#view-the-audit-sign-in-the-microsoft-365-security--compliance-portal

Improved Audit Log Queries
With the introduction of new parameters such as TargetObjectId and ModifiedProperties, IT administrators can create more precise queries for audit logs. This improvement will enable quicker identification of issues and better reporting capabilities.
   - next-steps: Develop new query templates that utilize the updated parameters. Conduct training sessions for IT staff on how to effectively use the new fields in PowerShell commands and custom scripts.
   - roles: IT Administrator, Data Analyst, System Auditor
   - references: https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal, https://sip.compliance.microsoft.com/homepage

Streamlined Administrative Processes
The new audit log features allow for a more efficient tracking of administrative changes, such as role modifications and policy updates. This can reduce the time spent on audits and increase the efficiency of administrative operations.
   - next-steps: Review current administrative processes to identify areas where the new audit log features can be integrated. Create a plan to automate reporting for administrative changes using the new log data.
   - roles: IT Administrator, Operations Manager, Compliance Officer
   - references: https://learn.microsoft.com/viva/engage/track-engage-events#view-the-audit-sign-in-the-microsoft-365-security--compliance-portal, https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/purview/audit-search?view=o365-worldwide&tabs=microsoft-purview-portal

Potentional Risks**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

Hypothetical Work Council Statement**

XXXXXXX ... paid membership only

DPIA Draft**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only