Microsoft Viva Engage (Yammer): Enhanced audit log schema [MC917742]

Microsoft Viva Engage (Yammer): Enhanced audit log schema [MC917742]

Message ID: MC917742

Coming soon to Microsoft Viva Engage (Yammer): We will update the audit log schema to include parameters that uniquely identify both the user performing an action (actor) and the user/object affected by that action (target).

After this rollout:

  • The actor will be identified by their unique Microsoft Entra ID ObjectId, stored in the UserKey field.
  • The target will be identified by a new parameter TargetObjectId that will also store the target’s Entra ID ObjectId.
  • To improve transparency on changes to admin roles and other key scenarios, a new ModifiedProperties parameter will capture both the old and new values of modified fields.

These new parameters will be available for users with an E3 license.

[When this will happen:]

General Availability (Worldwide): We will begin rolling out end-November 2024 and expected to complete by late December 2024.

[How this will affect your organization:]

After this rollout, for admins querying audit logs in the Microsoft Purview compliance portal (Microsoft Purview compliance portal > System > Audit), the UserKey will represent the Entra ID ObjectId of the actor. If you are using Microsoft PowerShell commands or custom scripts, please ensure that you are retrieving the correct value for UserKey to identify the actor. Also, ensure any scripts that need to identify the target are using TargetObjectId.

Before the rollout, UserKey was populated with the target user’s Passport ID, so existing queries using this parameter may need to be updated. No Entra ID ObjectId was available to uniquely identify users (actor and target).

After the rollout: The UserKey will be mapped to the Entra ID ObjectId of the user performing the action. The new TargetObjectId parameter will capture the Entra ID ObjectId of the user affected by the action, and the ModifiedProperties field will hold the old and new values for any modified fields.

Field changes

Name Mandatory (Yes/no) Old mapping New mapping
UserKey Yes Passport ID of the user Entra ID ObjectId of the actor

New fields

Name Mandatory (Yes/no) Mapping and description
TargetObjectId No Entra ID ObjectId of the target user. Blank if not applicable.
ModifiedProperties No Captures the old and new values of any modified fields during an operation. This is particularly relevant for admin events, such as adding a user as an admin or removing someone from an admin role.

As we apply these changes to the Viva Engage (Yammer) workload audit logs, the UserKey field will be updated immediately to reflect the Entra ID ObjectId of the actor in all audit logs. The new fields TargetObjectId and ModifiedProperties will only be populated for admin-specific audit logs and events. These include actions such as promoting or demoting users to Corporate Communicator, Network Admin, Verified Admin, Yammer Admin roles, as well as enabling or disabling Leadership Corner and setting or updating custom usage policies.

This change will be on for admins who have already enabled it. For everyone else, this change will be off by default and available for admins to configure.

[What you need to do to prepare:]

To ensure a smooth transition, we recommend notifying your users about this update and updating any relevant documentation to incorporate these changes.

This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization.

Learn more: Search the audit log | Microsoft Learn

Track Viva Engage events in the Microsoft 365 audit log and with the Management Activity API | Microsoft Learn

Source: Microsoft

Show 1 Comment

1 Comment

  1. Mike Rosoft

    The upcoming update to Microsoft Viva Engage (Yammer) is set to make some exciting changes to the audit log schema that will impact both admins and users alike. With the addition of new parameters like `TargetObjectId` and `ModifiedProperties`, the identification of users performing actions and those affected by them will be more detailed and transparent than ever before.

    For admins, this means a more comprehensive view of changes to admin roles and other key scenarios, enabling better tracking and analysis of activities within the organization. The update will require admins to adjust their queries in the Microsoft Purview compliance portal to ensure they are retrieving the correct information using the updated parameters.

    As for users, the enhanced audit log schema will provide greater accountability and visibility into actions taken within the platform. With the rollout expected to begin in late November 2024 and complete by late December 2024, organizations are encouraged to prepare for the changes by informing users and updating documentation accordingly.

    Overall, the impact of these changes is expected to be quite significant, offering improved clarity and accuracy in tracking user actions and ensuring compliance within the organization. So, get ready to embrace these updates and stay tuned for a more streamlined and efficient auditing process!

    What are your thoughts on these upcoming changes? Feel free to share your views and join the conversation!

Leave a Reply

Your email address will not be published. Required fields are marked *