siteintelligent.blogg.se

Exchange online admin audit log






If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.

Long-term retention of audit logs

Audit (Premium) retains all Exchange, SharePoint, and Azure Active Directory audit records for one year. This is accomplished by a default audit log retention policy that retains any audit record that contains the value of AzureActiveDirectory, Exchange, OneDrive, or SharePoint, for the Workload property (which indicates the service in which the activity occurred) for one year. Retaining audit records for longer periods can help with on-going forensic or compliance investigations. For more information, see the "Default audit log retention policy" section in Manage audit log retention policies.

In addition to the one-year retention capabilities of Audit (Premium), we've also released the capability to retain audit logs for 10 years. The 10-year retention of audit logs helps support long running investigations and respond to regulatory, legal, and internal obligations. Retaining audit logs for 10 years will require an additional per-user add-on license. After this license is assigned to a user and an appropriate 10-year audit log retention policy is set for that user, audit logs covered by that policy will start to be retained for the 10-year period. This policy is not retroactive and can't retain audit logs that were generated before the 10-year audit log retention policy was created. For more information, see the FAQs for Audit (Premium) section in this article.

Audit log retention policies

All audit records generated in other services that aren't covered by the default audit log retention policy (described in the previous section) are retained for 90 days. But you can create customized audit log retention policies to retain other audit records for longer periods of time up to 10 years. You can create a policy to retain audit records based on one or more of the following criteria:

  • The Microsoft 365 service where the audited activities occur.
  • The user who performs an audited activity.

You can also specify how long to retain audit records that match the policy and a priority level so that specific policies will take priority over other policies. Also note that any custom audit log retention policy will take precedence over the default audit retention policy in case you need to retain Exchange, SharePoint, or Azure Active Directory audit records for less than a year (or for 10 years) for some or all users in your organization. For more information, see Manage audit log retention policies.

The audit item lifetime for data is determined when it is added to the auditing pipeline and is based on the licensing defaults or applicable retention policies. Any changes to licensing or applicable retention policies change the expiration time of the audit data after updating. These changes don't change any previously committed items.

Audit (Premium) events

Audit (Premium) helps organizations to conduct forensic and compliance investigations by providing access to important events such as when mail items were accessed, when mail items were replied to and forwarded, and when and what a user searched for in Exchange Online and SharePoint Online. These events can help you investigate possible breaches and determine the scope of compromise.

Audit (Premium) provides the following events:

In addition to these events in Exchange and SharePoint, there are events in other Microsoft 365 services that are considered important events and require that users are assigned the appropriate Audit (Premium) license. Users must be assigned an Audit (Premium) license so that audit logs will be generated when users perform these events.

Other Audit (Premium) events in Microsoft 365

The MailItemsAccessed event is a mailbox auditing action and is triggered when mail data is accessed by mail protocols and mail clients. This event can help investigators identify data breaches and determine the scope of messages that may have been compromised.
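When scoping an investigation, the first question is which audit records still exist. The following added example (not Microsoft's code, and not from the original page) models the retention rules described on this page to answer that. The `RetentionPolicy` class, the function names, the day counts, the "lower number wins" priority ordering and the sample records are assumptions, and it assumes the licenses each policy requires are already assigned.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Workload values covered by the default one-year policy, as listed on this page.
ONE_YEAR_WORKLOADS = {"AzureActiveDirectory", "Exchange", "OneDrive", "SharePoint"}
DEFAULT_DAYS, ONE_YEAR_DAYS, TEN_YEAR_DAYS = 90, 365, 3650  # approximate day counts


@dataclass(frozen=True)
class RetentionPolicy:
    """Hypothetical model of a custom audit log retention policy."""
    name: str
    priority: int                       # assumption: lower number = higher priority
    days: int
    created: date
    workloads: frozenset = frozenset()  # empty set = any service
    users: frozenset = frozenset()      # empty set = any user

    def matches(self, workload: str, user: str, ingested: date) -> bool:
        # Not retroactive: records ingested before the policy existed keep
        # the lifetime they were given when they entered the pipeline.
        return (ingested >= self.created
                and (not self.workloads or workload in self.workloads)
                and (not self.users or user in self.users))


def expiry(workload: str, user: str, ingested: date, policies=()) -> date:
    """Date on which an audit record ages out, fixed at ingestion time."""
    hits = [p for p in policies if p.matches(workload, user, ingested)]
    if hits:                            # a custom policy beats the default
        days = min(hits, key=lambda p: p.priority).days
    elif workload in ONE_YEAR_WORKLOADS:
        days = ONE_YEAR_DAYS
    else:
        days = DEFAULT_DAYS
    return ingested + timedelta(days=days)


def recoverable(records, policies, today: date):
    """Return the records that are still retained on `today`."""
    return [r for r in records if expiry(*r, policies) >= today]


# Constructed sample data: (workload, user, ingestion date)
SAMPLE = [("Exchange", "alice", date(2023, 1, 10)),
          ("MicrosoftTeams", "alice", date(2023, 1, 10)),
          ("Exchange", "bob", date(2023, 6, 1))]
POLICIES = [RetentionPolicy("ten-year-bob", 10, TEN_YEAR_DAYS, date(2023, 6, 1),
                            frozenset({"Exchange"}), frozenset({"bob"}))]
```

Calling `recoverable(SAMPLE, POLICIES, date(2023, 12, 1))` drops the Teams record, which aged out after 90 days, and keeps both Exchange records.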






