M365 Changelog: Microsoft Purview | Audit search: New filters will be available

MC789312 – In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview Compliance portal’s audit search UI currently includes several search fields (i.e., date range, activities, workloads, users, etc.) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI.

These four fields are described below:

New filter field	Description
Id	Unique identifier of an audit record.
UserType	The type of user that performed the operation. See the UserType table for details on the types of users.
UserKey	Azure Active Directory Object ID in GUID format.
ClientIP	The IP address of the device that was used when the activity was logged.

This message is associated with Microsoft 365 Roadmap ID 384092.

When this will happen:

Public Preview: We will begin rolling out late May 2024 and expect to complete by mid-June 2024.

General Availability (Worldwide): We will begin rolling out mid-June 2024 and expect to complete by late June 2024.

How this will affect your organization:

Security admins in your organization who use audit in the Microsoft Purview compliance portal will be able to use these four additional fields to retrieve relevant audit logs.

What you need to do to prepare:

This rollout will happen automatically by the specified date with no admin action required before the rollout. You may want to notify your users about this change and update any relevant documentation as appropriate.

Additional resources

• Search the audit log | Microsoft Learn