Microsoft Purview: Upcoming Update to Audit Records for Microsoft Purview Role Group Changes [MC1090695]

To improve clarity and transparency, we’re updating the audit log messages for Microsoft Purview role group membership changes. This affects events under the SecurityComplianceRBAC workload (RecordType 87), specifically for the GrantPermission and DeletePermission operations. While the audit schema remains unchanged, the PreExecutionMessage and PostExecutionMessage fields will be refined to more accurately reflect the nature of the changes captured in the logs.

[When this will happen:]

General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out on early August 2025 and expect to complete by mid-August 2025.

[How this will affect your organization:]

If your organization consumes these audit log events programmatically (e.g., via scripts or automation tools), the updated message content may affect how these logs are parsed or interpreted. No changes are required if you do not rely on these specific fields.

[What you need to do to prepare:]

Review any scripts, automation, or monitoring tools that parse the PreExecutionMessage or PostExecutionMessage fields for the affected operations. Update your logic as needed once the refined messages are available in your environment.

For more information about audit logging in Microsoft Purview, visit: Search the audit log.

[Compliance considerations:]

• Does the change alter how existing customer data is processed, stored, or accessed? Yes (audit log message content is refined)
• Does the change alter how admins can monitor, report on, or demonstrate compliance activities? Yes

Source: Microsoft

Latest Posts