M365 Changelog: Microsoft Purview | Audit: Simplified permissions

MC711660 – As previously communicated in MC679529 (October 2023), Microsoft simplified permissions for Microsoft Purview Audit. This message is a clarification. 

Microsoft has simplified the controls to manage Audit permissions in Microsoft Purview. You can now manage permissions from the Microsoft Purview Compliance portal. To search or export the audit log, administrators or members of investigation teams must be assigned to at least one of the View-Only Audit Logs or Audit Logs roles. These roles can be assigned through the Microsoft Purview Compliance portal. By default, these roles are assigned to the Audit Reader and Audit Manager role groups on the Permissions page in the Compliance portal.

Access to enable or disable auditing and access to audit cmdlets currently requires permissions from the Exchange admin center. You can use the existing Audit Logs and View-Only Audit Logs roles in the Exchange admin center to grant access to enable or disable auditing and access to audit cmdlets. By default, these roles are assigned to the Compliance Management and Organization Management roles on the Permissions page in the Exchange admin center.

Learn more about Audit permission controls: Set up Audit (Standard) in Microsoft 365 | Microsoft Learn.

When this will happen:

This change rolled out in November 2023.

How this will affect your organization:

Microsoft recommends that you use the Compliance portal to manage Audit permissions related to accessing Audit through the Compliance portal user interface. Any existing Audit permissions already assigned through the Exchange admin center will continue to be honored–you do not need to take any action to replicate these permissions at this point. You can learn more about the Audit permission controls at Set up Audit (Standard) in Microsoft 365 | Microsoft Learn.

Audit enables customers to centrally visualize cloud log data generated across their enterprise, thus helping them effectively respond to security events, forensic investigations, internal investigations and compliance obligations. Thousands of user and admin operations performed in dozens of Microsoft 365 services and solutions are captured, recorded, and retained in customers’ unified Audit logs. 

References

Learn about Microsoft Purview Audit: Auditing solutions in Microsoft Purview | Microsoft Learn

Learn about the Compliance portal

Learn about the Exchange admin center: Manage role groups in Exchange Online | Microsoft Learn