{"id":23199,"date":"2023-10-30T08:37:17","date_gmt":"2023-10-30T16:37:17","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2023\/10\/30\/news-16929\/"},"modified":"2023-10-30T08:37:17","modified_gmt":"2023-10-30T16:37:17","slug":"news-16929","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/10\/30\/news-16929\/","title":{"rendered":"Expanding audit logging and retention within Microsoft Purview for increased security visibility"},"content":{"rendered":"

Credit to Author: Rudra Mitra| Date: Wed, 18 Oct 2023 16:00:00 +0000<\/strong><\/p>\n

Since our announcement in July 2023, we have made significant efforts to enhance the access to Microsoft Purview’s audit logging.1<\/sup> This ongoing work expands accessibility and flexibility to cloud security logs, which began rolling out to customers around the world in September 2023. Our decision to update the scope of log data accessible from Microsoft’s cloud infrastructure resulted from a close collaboration with both commercial and government customers, as well as ongoing engagement with the Cybersecurity and Infrastructure Security Agency (CISA). It is important to emphasize that log data, while an invaluable resource, is not a preventive measure against cyberattacks. Rather, it plays a pivotal role in incident response by helping uncover auditable insights into the methods by which various entities, such as user identities, applications, and devices, interact with a customer’s cloud-based services. In addition to that vital work, we have several other updates coming to Microsoft Purview Audit<\/a> in the coming weeks.<\/p>\n

\n
\n
\n
\n
\n

Microsoft Purview Audit<\/h2>\n
\n

Discover new capabilities that will transform how you secure your organization's data across clouds, devices, and platforms.<\/p>\n<\/p><\/div>\n

\t\t\t\t\t\t\t \t\t\t\t\t\t\t\tLearn more<\/span> \t\t\t\t\t\t\t\t<\/span> \t\t\t\t\t\t\t<\/a> \t\t\t\t\t\t<\/div>\n<\/p><\/div>\n<\/p><\/div>\n
\t\t\t\t\t\"Microsoft\t\t\t\t<\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n

New default retention period for activity logs<\/h2>\n

Starting in October 2023, we began rolling out changes to extend default retention<\/strong> to 180 days<\/strong> from 90 for audit logs generated by Audit (Standard) customers. Audit (Premium) license holders will continue with a default of one year, and the option to extend up to 10 years. Our public roadmaps detail when retention changes will reach your organization, starting with worldwide enterprise customers<\/a> and quickly followed by our government customers<\/a> in accordance with our standard service rollout process. This update helps all organizations minimize risk by increasing access to historical audit log activity data that is critical when investigating the impact from a security breach incident or accommodating a litigation event.<\/p>\n

New logs for increased security<\/h2>\n

Every day, Microsoft Purview Audit Logs record and retain the thousands of user and admin activities that take place in Microsoft 365<\/a> applications. Authorized administrators can search and access the logs from the Microsoft Purview compliance portal<\/a> to determine the scope of a compromise and enhance their investigations. Audit (Standard) license holders will be able to access an additional 30 audit logs, shown in the table below over the next several months. To learn more about when the logs will be available in your tenant, please visit the Public roadmap<\/a>.<\/p>\n

\n\n\n\n
Exchange<\/a><\/strong>
Send, MailItemsAccessed,
SearchQueryInitiatedExchange<\/p>\n

SharePoint Online<\/a><\/strong>
SearchQueryInitiatedSharePoint

Stream<\/a><\/strong>
StreamInvokeGetTranscript, streamInvokeChannelView,
StreamInvokeGetTextTrack, StreamInvokeGetVideo,
StreamInvokeGroupView<\/td>\n

Microsoft Teams<\/a><\/strong>
MeetingParticipantDetail, MessageSent,
MessagesListed, MeetingDetail,
MessageUpdated, ChatRetrieved
MessageRead, MessageHostedContentRead,
SubscribedToMessages, MessageHostedContentsListed,
ChatCreated, ChatUpdated
MessageCreatedNotification, MessageDeletedNotification,
MessageUpdatedNotification

Microsoft Viva Engage<\/a><\/strong>
ThreadViewed, ThredAccessFailure,
MessageUpdated, FileAccessFailure,
MessageCreation, GroupAccessFailure<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

Microsoft has worked closely with CISA<\/a> to identify these critical logs and include them in our Microsoft Purview Audit (Standard) license. Audit (Premium) license holders will continue to get longer default retention, broader access to export data, higher bandwidth API access, and logs enriched by Microsoft’s AI-powered intelligent insights.<\/p>\n

Additional enhancements recently released and coming soon<\/h2>\n

In addition to the retention extension and newly available logs, we also have a number of new enhancements in Purview Audit recently released or coming soon, that will help improve your experience:<\/p>\n