New Blog | Increased security visibility through new Standard Logs in Microsoft Purview Audit
Microsoft Purview Audit provides an integrated solution to help organizations effectively respond to security incidents, forensic investigations, internal investigations, and compliance obligations. As announced in the previous Microsoft blogs in July 2023 and October 2023, Microsoft Purview Audit is expanding access to wider cloud security activity logs. As part of the changes, Audit (Standard) license holders will be able to access an additional 30 audit logs that were previously generated only for Audit (Premium) license holders. Eleven new Standard logs under Stream and Viva Engage workloads became Generally Available in November 2023.
We are excited to announce that the remaining 19 new Standard logs under Exchange, Microsoft Teams, and SharePoint Online workloads are now available in Public Preview to all Worldwide and Gov cloud customers. To learn more about when these logs will become Generally Available in your tenant, please visit the Public roadmap.
Overview of New Standard Logs
19 new Standard logs are now available in Public Preview under Exchange, Microsoft Teams, and SharePoint Online workloads. The following table provides details of these logs.
| Workload | Operation | Description |
| --- | --- | --- |
| Exchange | send | A message was sent, replied to or forwarded. |
| Exchange | mailitemsaccessed | Messages were read or accessed in mailbox. |
| Exchange | searchqueryinitiatedexchange | Triggered when a user searches for items in an Exchange mailbox. |
| Teams | meetingparticipantdetail | Teams added information about the participants of a meeting, including the user ID of each participant, the time a participant joined the meeting, and the time a participant left the meeting. |
| Teams | messagesent | A new message was posted to a chat or channel. |
| Teams | messageslisted | Messages from a chat or channel were retrieved. |
| Teams | meetingdetail | Teams added information about a meeting, including the start time, the end time, and the URL to join the meeting. |
| Teams | messageupdated | A message of a chat or channel was updated. |
| Teams | chatretrieved | A Microsoft Teams chat was retrieved. |
| Teams | messageread | A message from a chat or channel was retrieved. |
| Teams | messagehostedcontentread | Hosted content in a message, such as an image or a code snippet, was retrieved. |
| Teams | subscribedtomessages | A subscription was created by a listener application to receive change notifications for messages. |
| Teams | messagehostedcontentslisted | All hosted content in a message, such as images or code snippets, was retrieved. |
| Teams | chatcreated | A Teams chat was created. |
| Teams | chatupdated | A Teams chat was updated. |
| Teams | messagecreatednotification | A change notification was sent to notify a subscribed listener application of a new message. |
| Teams | messagedeletednotification | A change notification was sent to notify a subscribed listener application of a deleted message. |
| Teams | messageupdatednotification | A change notification was sent to notify a subscribed listener application of an updated message. |
| SharePointOnline | searchqueryinitiatedsharepoint | Triggered when a user searches for items in SharePoint sites of the organization. |
Read the full post here: Increased security visibility through new Standard Logs in Microsoft Purview Audit