To improve clarity and transparency, we’re updating the audit log messages for Microsoft Purview role group membership changes. This affects events under the SecurityComplianceRBAC workload (RecordType 87), specifically for the GrantPermission and DeletePermission operations. While the audit schema remains unchanged, the PreExecutionMessage
and PostExecutionMessage
fields will be refined to more accurately reflect the nature of the changes captured in the logs.
[When this will happen:]
General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out on early August 2025 and expect to complete by mid-August 2025.
[How this will affect your organization:]
If your organization consumes these audit log events programmatically (e.g., via scripts or automation tools), the updated message content may affect how these logs are parsed or interpreted. No changes are required if you do not rely on these specific fields.
[What you need to do to prepare:]
Review any scripts, automation, or monitoring tools that parse the PreExecutionMessage
or PostExecutionMessage
fields for the affected operations. Update your logic as needed once the refined messages are available in your environment.
For more information about audit logging in Microsoft Purview, visit: Search the audit log.
[Compliance considerations:]
- Does the change alter how existing customer data is processed, stored, or accessed? Yes (audit log message content is refined)
- Does the change alter how admins can monitor, report on, or demonstrate compliance activities? Yes
Source: Microsoft
Latest Posts
- Microsoft Viva Engage: Copilot adoption community now available to all tenants [MC1090697]
- Teams Town hall screen management privileges in Teams Rooms on Windows [MC1090688]
- Microsoft Teams: New audit logs for Give control, Take control, and Screensharing [MC1090698]
- Admin Toggle to enable/disable “Mark Complete” feature in Viva Learning [MC1090694]