MC789312: Microsoft Purview | Audit search: New filters will be available

Announcement ID: MC789312
Published Date: 04-30-2024
Service: General
Last Updated: 11-21-2024
Category: Stay informed
Expiration Date: 05-19-2025
Roadmap ID: 384092
Action Required by Date:
Tags: Admin impact, New feature


Summary
The message details an update to Microsoft Purview's audit search with four new filters: Id, UserType, UserKey, and ClientIP. The rollout timeline has been updated, with Public Preview starting mid-February 2025 and General Availability early April 2025. No admin action is required for the rollout.


More Information

In Microsoft Purview, audit search provides your organization with access to critical audit log event data, allowing you to gain insight and further investigate user activities. The Microsoft Purview compliance portal's audit search UI currently includes several search fields (e.g., date range, activities, workloads, and users) to facilitate the retrieval of relevant logs. With a recent update, we have added four additional fields to the audit search UI.

These four fields are described below:

| New filter field | Description |
|---|---|
| Id | Unique identifier of an audit record. |
| UserType | The type of user that performed the operation. See the UserType table for details on the types of users. |
| UserKey | Azure Active Directory Object ID in GUID format. |
| ClientIP | The IP address of the device that was used when the activity was logged. |

When this will happen:

Public Preview: We will begin rolling out mid-February 2025 (previously early November) and expect to complete by early March 2025 (previously mid-November).

General Availability (Worldwide): We will begin rolling out mid-March 2025 (previously mid-November) and expect to complete by early April 2025 (previously late November).

How this will affect your organization:

Security admins in your organization who use audit in the Microsoft Purview compliance portal will be able to use these four additional fields to retrieve relevant audit logs.

What you need to do to prepare:

This rollout will happen automatically by the specified date with no admin action required before the rollout. You may want to notify your users about this change and update any relevant documentation as appropriate.
