When an audited activity is performed by a user or admin, an audit record is generated and stored in the audit log for your organization. This is because the underlying cmdlet used to search the audit log is an Exchange Online cmdlet. You have to assign the permissions in Exchange Online. If you assign a user the View-Only Audit Logs or Audit Logs role on the Permissions page in the compliance portal, they won't be able to search the audit log. For more information, see Manage role groups in Exchange Online. To give a user the ability to search the audit log with the minimum level of privileges, you can create a custom role group in Exchange Online, add the View-Only Audit Logs or Audit Logs role, and then add the user as a member of the new role group. Global administrators in Office 365 and Microsoft 365 are automatically added as members of the Organization Management role group in Exchange Online. By default, these roles are assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center. You have to be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to search the audit log. Although the Get-AdminAuditLogConfig cmdlet is also available in Security & Compliance PowerShell, the UnifiedAuditLogIngestionEnabled property is always False, even when audit log search is turned on. Be sure to run the previous command in Exchange Online PowerShell.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |