Microsoft Purview: Upcoming Update to Audit Records for Microsoft Purview Role Group Changes [MC1090695]

Microsoft Purview: Upcoming Update to Audit Records for Microsoft Purview Role Group Changes [MC1090695]

Message ID: MC1090695

To improve clarity and transparency, we’re updating the audit log messages for Microsoft Purview role group membership changes. This affects events under the SecurityComplianceRBAC workload (RecordType 87), specifically for the GrantPermission and DeletePermission operations. While the audit schema remains unchanged, the PreExecutionMessage and PostExecutionMessage fields will be refined to more accurately reflect the nature of the changes captured in the logs.

[When this will happen:]

General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out on early August 2025 and expect to complete by mid-August 2025.

[How this will affect your organization:]

If your organization consumes these audit log events programmatically (e.g., via scripts or automation tools), the updated message content may affect how these logs are parsed or interpreted. No changes are required if you do not rely on these specific fields.

[What you need to do to prepare:]

Review any scripts, automation, or monitoring tools that parse the PreExecutionMessage or PostExecutionMessage fields for the affected operations. Update your logic as needed once the refined messages are available in your environment.

For more information about audit logging in Microsoft Purview, visit: Search the audit log.

[Compliance considerations:]

  • Does the change alter how existing customer data is processed, stored, or accessed? Yes (audit log message content is refined)
  • Does the change alter how admins can monitor, report on, or demonstrate compliance activities? Yes

Source: Microsoft

Latest Posts

Show 1 Comment

1 Comment

  1. Thanks for flagging this update—adjustments to audit log messaging for Purview role group changes are a big deal for those of us managing compliance workflows. Having clearer visibility into SecurityComplianceRBAC events (RecordType 87) will definitely help with traceability during access reviews and audits. Looking forward to seeing how granular the new logs get.

Leave a Reply

Your email address will not be published. Required fields are marked *