MC955752 – Change in behavior of the HighCompleteness parameter in the Search-UnifiedAuditLog cmdlet

Microsoft Exchange Logo

check before: 2025-01-31

Product:

Exchange, Microsoft Graph, Purview Communication Compliance

Platform:

Developer, Online, US Instances, World tenant

Status:

Change type:

Feature update, Admin impact

Links:

Details:

Summary:
The HighCompleteness parameter in the Search-UnifiedAuditLog cmdlet will be permanently set to true starting late January 2025, ensuring more complete search results at the expense of longer query times. Users are advised to prepare and consider using the Audit Search Graph API.

Details:
The Search-UnifiedAuditLog cmdlet gives administrators in your organization access to critical audit log event data to gain insights and further investigate user activities. Microsoft had introduced a new HighCompleteness parameter in this cmdlet in April 2024 that allowed customers to toggle between prioritizing completeness of search results and performance. When the HighCompleteness parameter is set to true, the search query returns a more complete set of search results, but the query may take a longer time to finish. When set to false, the query runs faster but only returns a subset of results. We recommended setting the parameter to true in scenarios where a complete list of search results was required.
To improve our customers' visibility into their security logging and reduce instances of customers missing out on important audit records in their search results, we are now changing the behavior of the HighCompleteness parameter. Previously, customers could toggle the parameter between true or false. With this change, the HighCompleteness parameter will always be set to true.
[When this will happen:]
General Availability (Worldwide, GCC, GCC-High, DoD): Starting late January 2025, for all search queries submitted via the Search-UnifiedAuditLog cmdlet, the value of the HighCompleteness parameter will be set to true.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2024-12-13

updated:
2024-12-13

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

Starting January 2025, the Search-UnifiedAuditLog cmdlet will automatically perform a thorough search to ensure complete data retrieval, potentially taking longer, while the Audit Search Graph API is recommended for quicker access to audit logs.

Direct effects for Operations**

Increased Query Times
With the HighCompleteness parameter always set to true, search queries will take longer to complete, potentially leading to delays in obtaining critical audit log data.
   - roles: IT Administrators, Compliance Officers
   - references: https://learn.microsoft.com/powershell/module/exchange/search-unifiedauditlog?view=exchange-ps#-highcompleteness, https://learn.microsoft.com/purview/audit-solutions-overview

User Experience Degradation
Users may experience frustration due to longer wait times for search results, impacting their ability to perform timely investigations and audits.
   - roles: End Users, Security Analysts
   - references: https://learn.microsoft.com/powershell/module/exchange/search-unifiedauditlog?view=exchange-ps#-highcompleteness, https://learn.microsoft.com/purview/audit-solutions-overview

Need for Alternative Solutions
Organizations may need to adapt to using the Audit Search Graph API for faster access to audit logs, requiring additional training and adjustments in workflows.
   - roles: IT Administrators, Developers
   - references: https://learn.microsoft.com/graph/api/resources/security-auditlogquery?view=graph-rest-beta, https://learn.microsoft.com/purview/audit-solutions-overview

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

XXXXXXX ... free basic plan only

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only

** AI generated content. This information must be reviewed before use.

a free basic plan is required to see more details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.



Last updated 4 weeks ago

Share to MS Teams

Login to your account

Welcome Back, We Missed You!