Since our announcement in July 2023, we have made significant efforts to enhance access to Microsoft Purview’s audit logging.¹ This ongoing work, which began rolling out to customers around the world in September 2023, expands the accessibility and flexibility of cloud security logs. Our decision to update the scope of log data accessible from Microsoft’s cloud infrastructure resulted from a close collaboration with both commercial and government customers, as well as ongoing engagement with the Cybersecurity and Infrastructure Security Agency (CISA). It is important to emphasize that log data, while an invaluable resource, is not a preventive measure against cyberattacks. Rather, it plays a pivotal role in incident response by helping uncover auditable insights into the methods by which various entities, such as user identities, applications, and devices, interact with a customer’s cloud-based services. In addition to that vital work, we have several other updates coming to Microsoft Purview Audit in the coming weeks.
Starting in October 2023, we began rolling out changes to extend default retention to 180 days from 90 for audit logs generated by Audit (Standard) customers. Audit (Premium) license holders will continue with a default of one year, and the option to extend up to 10 years. Our public roadmaps detail when retention changes will reach your organization, starting with worldwide enterprise customers and quickly followed by our government customers in accordance with our standard service rollout process. This update helps all organizations minimize risk by increasing access to historical audit log activity data that is critical when investigating the impact from a security breach incident or accommodating a litigation event.
Every day, Microsoft Purview Audit Logs record and retain the thousands of user and admin activities that take place in Microsoft 365 applications. Authorized administrators can search and access the logs from the Microsoft Purview compliance portal to determine the scope of a compromise and enhance their investigations. Audit (Standard) license holders will be able to access an additional 30 audit logs, shown in the table below, over the next several months. To learn more about when the logs will be available in your tenant, please visit the Public roadmap.

| Service | Audit log events |
| --- | --- |
| Exchange | Send, MailItemsAccessed, SearchQueryInitiatedExchange |
| SharePoint Online | |
| Microsoft Teams | MeetingParticipantDetail, MessageSent, MessagesListed, MeetingDetail, MessageUpdated, ChatRetrieved, MessageRead, MessageHostedContentRead, SubscribedToMessages, MessageHostedContentsListed, ChatCreated, ChatUpdated, MessageCreatedNotification, MessageDeletedNotification, MessageUpdatedNotification |
| Microsoft Viva Engage | ThreadViewed, ThreadAccessFailure, MessageUpdated, FileAccessFailure, MessageCreation, GroupAccessFailure |
Microsoft has worked closely with CISA to identify these critical logs and include them in our Microsoft Purview Audit (Standard) license. Audit (Premium) license holders will continue to get longer default retention, broader access to export data, higher bandwidth API access, and logs enriched by Microsoft’s AI-powered intelligent insights.
In addition to the retention extension and newly available logs, we also have a number of new enhancements in Purview Audit, recently released or coming soon, that will help improve your experience:
We are pleased to share today’s cloud logging update as a continuation of the thoughtful conversations we’ve had with our security experts, customers, and influential authorities like CISA. Please visit the Public roadmap to get the latest information on updates coming to Microsoft Purview Audit.
¹ Expanding cloud logging to give customers deeper security visibility, Vasu Jakkal. July 19, 2023.
The post Expanding audit logging and retention within Microsoft Purview for increased security visibility appeared first on Microsoft Security Blog.
Source: Microsoft Security