Message ID: MC917742
Coming soon to Microsoft Viva Engage (Yammer): We will update the audit log schema to include parameters that uniquely identify both the user performing an action (actor) and the user/object affected by that action (target).
After this rollout:
- The actor will be identified by their unique Microsoft Entra ID
ObjectId
, stored in theUserKey
field. - The target will be identified by a new parameter
TargetObjectId
that will also store the target’s Entra IDObjectId
. - To improve transparency on changes to admin roles and other key scenarios, a new
ModifiedProperties
parameter will capture both the old and new values of modified fields.
These new parameters will be available for users with an E3 license.
[When this will happen:]
General Availability (Worldwide): We will begin rolling out end-November 2024 and expected to complete by late December 2024.
[How this will affect your organization:]
After this rollout, for admins querying audit logs in the Microsoft Purview compliance portal (Microsoft Purview compliance portal > System > Audit), the UserKey
will represent the Entra ID ObjectId
of the actor. If you are using Microsoft PowerShell commands or custom scripts, please ensure that you are retrieving the correct value for UserKey
to identify the actor. Also, ensure any scripts that need to identify the target are using TargetObjectId
.
Before the rollout, UserKey
was populated with the target user’s Passport ID, so existing queries using this parameter may need to be updated. No Entra ID ObjectId
was available to uniquely identify users (actor and target).
After the rollout: The UserKey will be mapped to the Entra ID ObjectId of the user performing the action. The new TargetObjectId
parameter will capture the Entra ID ObjectId of the user affected by the action, and the ModifiedProperties
field will hold the old and new values for any modified fields.
Field changes
Name | Mandatory (Yes/no) | Old mapping | New mapping |
---|---|---|---|
UserKey |
Yes | Passport ID of the user | Entra ID ObjectId of the actor |
New fields
Name | Mandatory (Yes/no) | Mapping and description |
---|---|---|
TargetObjectId |
No | Entra ID ObjectId of the target user. Blank if not applicable. |
ModifiedProperties |
No | Captures the old and new values of any modified fields during an operation. This is particularly relevant for admin events, such as adding a user as an admin or removing someone from an admin role. |
As we apply these changes to the Viva Engage (Yammer) workload audit logs, the UserKey
field will be updated immediately to reflect the Entra ID ObjectId
of the actor in all audit logs. The new fields TargetObjectId
and ModifiedProperties
will only be populated for admin-specific audit logs and events. These include actions such as promoting or demoting users to Corporate Communicator, Network Admin, Verified Admin, Yammer Admin roles, as well as enabling or disabling Leadership Corner and setting or updating custom usage policies.
This change will be on for admins who have already enabled it. For everyone else, this change will be off by default and available for admins to configure.
[What you need to do to prepare:]
To ensure a smooth transition, we recommend notifying your users about this update and updating any relevant documentation to incorporate these changes.
This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization.
Learn more: Search the audit log | Microsoft Learn
Source: Microsoft
The upcoming update to Microsoft Viva Engage (Yammer) is set to make some exciting changes to the audit log schema that will impact both admins and users alike. With the addition of new parameters like `TargetObjectId` and `ModifiedProperties`, the identification of users performing actions and those affected by them will be more detailed and transparent than ever before.
For admins, this means a more comprehensive view of changes to admin roles and other key scenarios, enabling better tracking and analysis of activities within the organization. The update will require admins to adjust their queries in the Microsoft Purview compliance portal to ensure they are retrieving the correct information using the updated parameters.
As for users, the enhanced audit log schema will provide greater accountability and visibility into actions taken within the platform. With the rollout expected to begin in late November 2024 and complete by late December 2024, organizations are encouraged to prepare for the changes by informing users and updating documentation accordingly.
Overall, the impact of these changes is expected to be quite significant, offering improved clarity and accuracy in tracking user actions and ensuring compliance within the organization. So, get ready to embrace these updates and stay tuned for a more streamlined and efficient auditing process!
What are your thoughts on these upcoming changes? Feel free to share your views and join the conversation!