MC711333 – In Microsoft Purview, new standard logs will be available for Microsoft Exchange, Microsoft SharePoint, and Microsoft Teams workloads.
This message is associated with Microsoft 365 Roadmap IDs 182259 (Exchange and SharePoint) and 182242 (Teams).
When this will happen:
Public Preview: Microsoft will begin rolling out early-March 2024 and expect to complete by mid-June 2024.
Standard Release: Microsoft will begin rolling out late June 2024 and expect to complete by mid-September 2024.
How this will affect your organization:
Microsoft Purview is expanding access to wider cloud security activity events for Exchange, Teams, and SharePoint. As part of the changes, standard users of Purview Audit will begin to generate new Exchange, Teams, and SharePoint events that were previously generated only for Audit Premium licensed users.
Here are the new standard logs:
Exchange
SharePoint
Teams
What you need to do to prepare:
The Exchange MailItemsAccessed and send logs are enabled by default unless the mailbox’s DefaultAuditSet settings were modified. To ensure these new standard logs are generated, an admin may need to ensure the appropriate mailbox settings are enabled.
Use this command to check if a mailbox is currently using the default audit settings:
The DefaultAuditSet property is returned by the Get-Mailbox cmdlet. A mailbox using the defaults will show the following result:
If any of those values are missing, the mailbox is not using the default audit settings. To ensure the new standard Exchange logs mailitemsaccessed and Send are stored, admins will either need to make sure Audit mailboxes are configured to the default settings or add the new standard logs to each mailbox. These changes can be made in Exchange Online PowerShell:
Option 1: Reset each mailbox to the default settings using this command:
Option 2: Add the new standard logs to each mailbox. This command will add (only) the new Standard logs for each mailbox, retaining any existing customization, but any future changes to the defaults will need to be added when those future logs are released:
For more information: How Microsoft is expanding cloud logging to give customers deeper security visibility | Microsoft Security Blog
Previous Microsoft 365 suite Changelog Messages
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.