Message ID: MC955752
The Search-UnifiedAuditLog cmdlet gives administrators in your organization access to critical audit log event data to gain insights and further investigate user activities. Microsoft had introduced a new HighCompleteness parameter in this cmdlet in April 2024 that allowed customers to toggle between prioritizing completeness of search results and performance. When the HighCompleteness parameter is set to true, the search query returns a more complete set of search results, but the query may take a longer time to finish. When set to false, the query runs faster but only returns a subset of results. We recommended setting the parameter to true in scenarios where a complete list of search results was required.
To improve our customers’ visibility into their security logging and reduce instances of customers missing out on important audit records in their search results, we are now changing the behavior of the HighCompleteness parameter. Previously, customers could toggle the parameter between true or false. With this change, the HighCompleteness parameter will always be set to true.
[When this will happen:]
General Availability (Worldwide, GCC, GCC-High, DoD): Starting late January 2025, for all search queries submitted via the Search-UnifiedAuditLog cmdlet, the value of the HighCompleteness parameter will be set to true.
[How this will affect your organization:]
The HighCompleteness parameter in the Search-UnifiedAuditLog cmdlet will now be set to true for all queries. With this change, the cmdlet will now prioritize completeness of search results over performance. As a result, search queries may take longer to finish.
[What you can do to prepare:]
You could also consider using our new Audit Search Graph API for programmatic access to audit logs. This API is now Generally Available to all our Worldwide and Gov customers.
Learn more about Purview Audit: Learn about auditing solutions in Microsoft Purview | Microsoft Learn
Learn more about the Search-UnifiedAuditLog cmdlet: Search-UnifiedAuditLog (ExchangePowerShell) | Microsoft Learn
Source: Microsoft
The recent update to the HighCompleteness parameter in the Search-UnifiedAuditLog cmdlet changes how audit log searches behave for administrators and users. Starting in late January 2025, the HighCompleteness parameter will always be set to true, which means that search queries will prioritize the completeness of results over performance.
For administrators, this change means a more robust set of data at their fingertips. They will no longer toggle between speed and comprehensive search results, because every query submitted through the cmdlet will now return the more complete result set. However, this could also mean longer wait times for queries to complete, which might feel like waiting for a kettle to boil – you know it’s worth it, but patience is key!
Users can expect a more thorough audit log experience as well. With every query now returning the more complete result set, they are less likely to miss critical records. It’s like being handed a full menu instead of just the specials; who wouldn’t want the full spread?
That said, organizations might need to adjust their workflows to accommodate the potentially increased query times. It’s a small trade-off for the added security and visibility that comes with complete data.
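One way to adapt a scheduled audit export to longer-running queries is to search in small time slices, page each slice to the end, and record how long it took. This is an added example, not code from Microsoft or from the original post; it assumes an existing Connect-ExchangeOnline session, and the function name Get-AuditSlice, the 6-hour slice and the FileDeleted filter are illustrative choices.

```powershell
# Added example. Assumes Connect-ExchangeOnline has already been run.
# Get-AuditSlice is a hypothetical helper, not part of any Microsoft module.
function Get-AuditSlice {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [datetime] $Start,
        [Parameter(Mandatory)] [datetime] $End,
        [string[]] $Operations
    )
    # One unique SessionId per slice lets ReturnLargeSet page a single result set.
    $sessionId = 'audit-{0}' -f [guid]::NewGuid()
    $seen  = 0
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    do {
        $params = @{
            StartDate      = $Start
            EndDate        = $End
            SessionId      = $sessionId
            SessionCommand = 'ReturnLargeSet'   # unsorted, paged results
            ResultSize     = 5000               # largest page the cmdlet returns
        }
        if ($Operations) { $params.Operations = $Operations }
        $page  = @(Search-UnifiedAuditLog @params)
        $seen += $page.Count
        $page                                   # emit this page to the pipeline
    } while ($page.Count -gt 0)                 # an empty page ends the session
    $timer.Stop()
    # Record the duration so job schedules and timeouts can be re-tuned.
    Write-Verbose ('{0:u} to {1:u}: {2} records in {3:n0}s' -f `
        $Start, $End, $seen, $timer.Elapsed.TotalSeconds)
    if ($seen -ge 50000) {
        # A ReturnLargeSet session returns at most 50,000 records.
        Write-Warning "Slice starting $Start reached 50,000 records; use a smaller slice."
    }
}

# Walk the last 24 hours in 6-hour slices (sample values).
$windowEnd   = (Get-Date).ToUniversalTime()
$windowStart = $windowEnd.AddHours(-24)
$sliceHours  = 6
$records = for ($s = $windowStart; $s -lt $windowEnd; $s = $s.AddHours($sliceHours)) {
    $e = $s.AddHours($sliceHours)
    if ($e -gt $windowEnd) { $e = $windowEnd }
    Get-AuditSlice -Start $s -End $e -Operations 'FileDeleted' -Verbose
}
# Adjacent slices share a boundary, so drop any record returned twice.
$records | Sort-Object -Property Identity -Unique |
    Select-Object CreationDate, UserIds, Operations, AuditData
```

If a slice triggers the 50,000-record warning, rerun that window with a smaller `$sliceHours` so no records are silently left out.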
In light of these changes, I encourage anyone who prefers programmatic access to audit logs to explore the new Audit Search Graph API. It’s a great way to stay ahead of the game!