{"id":4945,"date":"2024-01-31T09:02:00","date_gmt":"2024-01-31T00:02:00","guid":{"rendered":"https:\/\/m365jp.tk\/?p=4945"},"modified":"2024-01-31T09:03:42","modified_gmt":"2024-01-31T00:03:42","slug":"mc711333-microsoft-purview-audit-new-logs-for-standard-users","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2024-01-31-mc711333-microsoft-purview-audit-new-logs-for-standard-users","title":{"rendered":"MC711333 | Microsoft Purview | Audit: New logs for Standard users"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC711333 | Microsoft Purview | Audit: New logs for Standard users<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>stayInformed<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>01\/30\/2024 23:49:28<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>01\/30\/2024 23:48:52<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>03\/04\/2024 08:00:00<\/td>\n<\/tr>\n<tr>\n<th>Action Required By Date<\/th>\n<td>2024-11-04T08:00:00Z<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<p>In Microsoft Purview, new standard logs will be available for Microsoft Exchange, Microsoft SharePoint, and Microsoft Teams workloads.  <\/p>\n<p>This message is associated with Microsoft 365 Roadmap IDs <a href=\"https:\/\/www.microsoft.com\/microsoft-365\/roadmap?filters=&amp;searchterms=182259%2C\" target=\"_blank\" rel=\"noopener\">  182259<\/a>&nbsp;(Exchange and SharePoint) and <a href=\"https:\/\/www.microsoft.com\/microsoft-365\/roadmap?filters=&amp;searchterms=182242\" target=\"_blank\" rel=\"noopener\">  182242<\/a>&nbsp;(Teams).<\/p>\n<p>[When this will happen:]  <\/p>\n<p>Public Preview: We will begin rolling out early-March 2024 and expect to complete by mid-June 2024.<\/p>\n<p>Standard Release: We will begin rolling out late June 2024 and expect to complete by mid-September 2024.<\/p>\n<p>[How this will affect your organization:]  <\/p>\n<p>Microsoft Purview is expanding access to wider cloud security activity events for Exchange, Teams, and SharePoint. As part of the changes, standard users of Purview Audit will begin to generate new Exchange, Teams, and SharePoint events that were previously   generated only for Audit Premium licensed users.  <\/p>\n<p>Here are the new standard logs:  <\/p>\n<p>Exchange  <\/p>\n<ul>\n<li>Send  <\/li>\n<li>mailitemsaccessed  <\/li>\n<li>searchqueryinitiatedexchange  <\/li>\n<\/ul>\n<p>SharePoint  <\/p>\n<ul>\n<li>searchqueryinitiatedsharepoint  <\/li>\n<\/ul>\n<p>Teams  <\/p>\n<ul>\n<li>meetingparticipantdetail  <\/li>\n<li>messagesent  <\/li>\n<li>messageslisted  <\/li>\n<li>meetingdetail  <\/li>\n<li>messageupdated  <\/li>\n<li>chatretrieved  <\/li>\n<li>messageread  <\/li>\n<li>messagehostedcontentread  <\/li>\n<li>subscribedtomessages  <\/li>\n<li>messagehostedcontentslisted  <\/li>\n<li>chatcreated  <\/li>\n<li>chatupdated  <\/li>\n<li>messagecreatednotification  <\/li>\n<li>messagedeletednotification  <\/li>\n<li>messageupdatednotification  <\/li>\n<\/ul>\n<p>[What you need to do to prepare:]  <\/p>\n<p>The Exchange <i>MailItemsAccessed<\/i> and <i>send<\/i> logs are enabled by default unless the mailbox\u2019s  <i>DefaultAuditSet<\/i> settings were modified. To ensure these new standard logs are generated, an admin may need to ensure the appropriate mailbox settings are enabled.  <\/p>\n<p>Use this command to check if a mailbox is currently using the default audit settings:    <\/p>\n<ul>\n<li>Get-Mailbox -Identity &lt;MailboxIdentity&gt;  <\/li>\n<\/ul>\n<p>The <i>DefaultAuditSet <\/i>property is returned by the Get-Mailbox cmdlet. A mailbox using the defaults will show the following result:  <\/p>\n<ul>\n<li>DefaultAuditSet : {Owner,Admin,Delegate}  <\/li>\n<\/ul>\n<p>If any of those values are missing, the mailbox is not using the default audit settings. To ensure the new standard Exchange logs  <i>mailitemsaccessed <\/i>and <i>Send <\/i>are stored, admins will either need to make sure Audit mailboxes are configured to the default settings or add the new standard logs to each mailbox. These changes can be made in Exchange Online PowerShell:  <\/p>\n<p>Option 1: Reset each mailbox to the default settings using this command:  <\/p>\n<ul>\n<li>Set-Mailbox -Identity &lt;MailboxIdentity&gt; -DefaultAuditSet Admin,Delegate,Owner  <\/li>\n<\/ul>\n<p>Option 2: Add the new standard logs to each mailbox. This command will add (only) the new Standard logs for each mailbox, retaining any existing customization, but any future changes to the defaults will need to be added when those future logs are released:  <\/p>\n<ul>\n<li>Set-Mailbox -Identity &lt;MailboxIdentity&gt; -AuditOwner <a href=\"mailto:{@Add=&#038;quot\" >{@Add=&#038;quot<\/a>;MailItemsAccessed&#8221;,&#8221;Send&#8221; } -AuditAdmin <a href=\"mailto:{@Add=&#038;quot\" >{@Add=&#038;quot<\/a>;MailItemsAccessed&#8221;,&#8221;Send&#8221;} -AuditDelegate <a href=\"mailto:{@Add=&#038;quot\" >{@Add=&#038;quot<\/a>;MailItemsAccessed&#8221;}  <\/li>\n<\/ul>\n<p>For more information:&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/blog\/2023\/07\/19\/expanding-cloud-logging-to-give-customers-deeper-security-visibility\/\" target=\"_blank\" style=\"background-color: rgb(255, 255, 255); font-family: sans-serif; font-weight: 400;\" rel=\"noopener\">How   Microsoft is expanding cloud logging to give customers deeper security visibility | Microsoft Security Blog<\/a><\/p>\n<\/td>\n<\/tr>\n<tr>\n<th>Machine Translation<\/th>\n<td>\n<p>Microsoft Purview \u3067\u306f\u3001Microsoft Exchange\u3001Microsoft SharePoint\u3001Microsoft Teams \u30ef\u30fc\u30af\u30ed\u30fc\u30c9\u3067\u65b0\u3057\u3044\u6a19\u6e96\u30ed\u30b0\u3092\u5229\u7528\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002  <\/p>\n<p>\u3053\u306e\u30e1\u30c3\u30bb\u30fc\u30b8\u306f\u3001Microsoft 365 \u30ed\u30fc\u30c9\u30de\u30c3\u30d7 ID <a href=\"https:\/\/www.microsoft.com\/microsoft-365\/roadmap?filters=&amp;searchterms=182259%2C\" target=\"_blank\" rel=\"noopener\">  182259<\/a>&nbsp;(Exchange \u3068 SharePoint) \u3068 <a href=\"https:\/\/www.microsoft.com\/microsoft-365\/roadmap?filters=&amp;searchterms=182242\" target=\"_blank\" rel=\"noopener\">  182242<\/a>&nbsp;(Teams) \u306b\u95a2\u9023\u4ed8\u3051\u3089\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>[\u3053\u308c\u304c\u3044\u3064\u8d77\u3053\u308b\u304b:]<\/p>\n<p>\u30d1\u30d6\u30ea\u30c3\u30af \u30d7\u30ec\u30d3\u30e5\u30fc: 2024 \u5e74 3 \u6708\u4e0a\u65ec\u306b\u30ed\u30fc\u30eb\u30a2\u30a6\u30c8\u3092\u958b\u59cb\u3057\u30012024 \u5e74 6 \u6708\u4e2d\u65ec\u307e\u3067\u306b\u5b8c\u4e86\u3059\u308b\u4e88\u5b9a\u3067\u3059\u3002<\/p>\n<p>\u6a19\u6e96\u30ea\u30ea\u30fc\u30b9: 2024 \u5e74 6 \u6708\u4e0b\u65ec\u306b\u30ed\u30fc\u30eb\u30a2\u30a6\u30c8\u3092\u958b\u59cb\u3057\u30012024 \u5e74 9 \u6708\u4e2d\u65ec\u307e\u3067\u306b\u5b8c\u4e86\u3059\u308b\u4e88\u5b9a\u3067\u3059\u3002<\/p>\n<p>[\u3053\u308c\u304c\u7d44\u7e54\u306b\u53ca\u307c\u3059\u5f71\u97ff:]<\/p>\n<p>Microsoft Purview \u306f\u3001Exchange\u3001Teams\u3001SharePoint \u306e\u3088\u308a\u5e83\u7bc4\u306a\u30af\u30e9\u30a6\u30c9 \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30a2\u30af\u30c6\u30a3\u30d3\u30c6\u30a3 \u30a4\u30d9\u30f3\u30c8\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u62e1\u5f35\u3057\u3066\u3044\u307e\u3059\u3002\u5909\u66f4\u306e\u4e00\u74b0\u3068\u3057\u3066\u3001Purview Audit \u306e\u6a19\u6e96\u30e6\u30fc\u30b6\u30fc\u306f\u3001\u4ee5\u524d\u306f Audit Premium \u30e9\u30a4\u30bb\u30f3\u30b9 \u30e6\u30fc\u30b6\u30fc\u306b\u5bfe\u3057\u3066\u306e\u307f\u751f\u6210\u3055\u308c\u3066\u3044\u305f\u65b0\u3057\u3044 Exchange\u3001Teams\u3001SharePoint \u30a4\u30d9\u30f3\u30c8\u306e\u751f\u6210\u3092\u958b\u59cb\u3057\u307e\u3059\u3002<\/p>\n<p>\u65b0\u3057\u3044\u6a19\u6e96\u30ed\u30b0\u306f\u6b21\u306e\u3068\u304a\u308a\u3067\u3059\u3002<\/p>\n<p>\u4ea4\u63db<\/p>\n<ul>\n<li>\u9001\u4fe1<\/li>\n<li>\u30e1\u30fc\u30eb\u30a2\u30a4\u30c6\u30e0\u30a2\u30af\u30bb\u30b9<\/li>\n<li>SearchQueryInitiatedExchange<\/li>\n<\/ul>\n<p>SharePoint \u306e<\/p>\n<ul>\n<li>SearchQueryInitiatedSharePoint<\/li>\n<\/ul>\n<p>\u30c1\u30fc\u30e0<\/p>\n<ul>\n<li>meetingparticipantdetail (\u82f1\u8a9e)<\/li>\n<li>\u30e1\u30c3\u30bb\u30fc\u30b8\u9001\u4fe1\u6e08\u307f<\/li>\n<li>\u30e1\u30c3\u30bb\u30fc\u30b8\u30ea\u30b9\u30c8 {{\u3081\u3063\u305b\u30fc<\/li>\n<li>\u4f1a\u8b70\u306e\u8a73\u7d30<\/li>\n<li>\u30e1\u30c3\u30bb\u30fc\u30b8\u66f4\u65b0\u6e08\u307f<\/li>\n<li>\u30c1\u30e3\u30c3\u30c8\u53d6\u5f97\u6e08\u307f<\/li>\n<li>\u30e1\u30c3\u30bb\u30fc\u30b8\u8aad\u307f\u53d6\u308a<\/li>\n<li>MessageHostedContentRead (\u30e1\u30c3\u30bb\u30fc\u30b8 \u30db\u30b9\u30c8\u3055\u308c\u305f\u30b3\u30f3\u30c6\u30f3\u30c4\u8aad\u307f\u53d6\u308a)<\/li>\n<li>subscribedto\u30e1\u30c3\u30bb\u30fc\u30b8<\/li>\n<li>MessageHostedContents\u30ea\u30b9\u30c8<\/li>\n<li>\u30c1\u30e3\u30c3\u30c8\u4f5c\u6210\u6e08\u307f<\/li>\n<li>\u30c1\u30e3\u30c3\u30c8\u66f4\u65b0\u6e08\u307f<\/li>\n<li>messagecreated\u901a\u77e5<\/li>\n<li>\u30e1\u30c3\u30bb\u30fc\u30b8\u524a\u9664\u901a\u77e5<\/li>\n<li>messageupdated\u901a\u77e5<\/li>\n<\/ul>\n<p>[\u6e96\u5099\u306b\u5fc5\u8981\u306a\u3053\u3068:]<\/p>\n<p>Exchange \u306e <i>MailItemsAccessed<\/i> \u30ed\u30b0\u3068 <i>\u9001\u4fe1<\/i> \u30ed\u30b0\u306f\u3001\u30e1\u30fc\u30eb\u30dc\u30c3\u30af\u30b9\u306e <i>DefaultAuditSet<\/i> \u8a2d\u5b9a\u304c\u5909\u66f4\u3055\u308c\u3066\u3044\u306a\u3044\u9650\u308a\u3001\u65e2\u5b9a\u3067\u6709\u52b9\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u3089\u306e\u65b0\u3057\u3044\u6a19\u6e96\u30ed\u30b0\u304c\u78ba\u5b9f\u306b\u751f\u6210\u3055\u308c\u308b\u3088\u3046\u306b\u3059\u308b\u306b\u306f\u3001\u7ba1\u7406\u8005\u306f\u9069\u5207\u306a\u30e1\u30fc\u30eb\u30dc\u30c3\u30af\u30b9\u8a2d\u5b9a\u304c\u6709\u52b9\u306b\u306a\u3063\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\u5834\u5408\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<p>\u6b21\u306e\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u7528\u3057\u3066\u3001\u30e1\u30fc\u30eb\u30dc\u30c3\u30af\u30b9\u304c\u73fe\u5728\u65e2\u5b9a\u306e\u76e3\u67fb\u8a2d\u5b9a\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u304b\u3069\u3046\u304b\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n<ul>\n<li>Get-Mailbox -Identity &lt;MailboxIdentity&gt;<\/li>\n<\/ul>\n<p><i>DefaultAuditSet <\/i>\u30d7\u30ed\u30d1\u30c6\u30a3\u306f\u3001Get-Mailbox \u30b3\u30de\u30f3\u30c9\u30ec\u30c3\u30c8\u306b\u3088\u3063\u3066\u8fd4\u3055\u308c\u307e\u3059\u3002\u65e2\u5b9a\u5024\u3092\u4f7f\u7528\u3059\u308b\u30e1\u30fc\u30eb\u30dc\u30c3\u30af\u30b9\u3067\u306f\u3001\u6b21\u306e\u7d50\u679c\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002<\/p>\n<ul>\n<li>DefaultAuditSet : {\u6240\u6709\u8005\u3001\u7ba1\u7406\u8005\u3001\u4ee3\u7406\u4eba}<\/li>\n<\/ul>\n<p>\u3053\u308c\u3089\u306e\u5024\u306e\u3044\u305a\u308c\u304b\u304c\u6b20\u843d\u3057\u3066\u3044\u308b\u5834\u5408\u3001\u30e1\u30fc\u30eb\u30dc\u30c3\u30af\u30b9\u306f\u65e2\u5b9a\u306e\u76e3\u67fb\u8a2d\u5b9a\u3092\u4f7f\u7528\u3057\u3066\u3044\u307e\u305b\u3093\u3002\u65b0\u3057\u3044\u6a19\u6e96 Exchange \u30ed\u30b0 <i>mailitemsaccessed  <\/i>\u3068 <i>send <\/i>\u304c\u78ba\u5b9f\u306b\u4fdd\u5b58\u3055\u308c\u308b\u3088\u3046\u306b\u3059\u308b\u306b\u306f\u3001\u7ba1\u7406\u8005\u306f\u76e3\u67fb\u30e1\u30fc\u30eb\u30dc\u30c3\u30af\u30b9\u304c\u65e2\u5b9a\u306e\u8a2d\u5b9a\u306b\u69cb\u6210\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b\u304b\u3001\u65b0\u3057\u3044\u6a19\u6e96\u30ed\u30b0\u3092\u5404\u30e1\u30fc\u30eb\u30dc\u30c3\u30af\u30b9\u306b\u8ffd\u52a0\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u3053\u308c\u3089\u306e\u5909\u66f4\u306f\u3001Exchange Online PowerShell \u3067\u884c\u3046\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<p>\u30aa\u30d7\u30b7\u30e7\u30f3 1: \u6b21\u306e\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u7528\u3057\u3066\u3001\u5404\u30e1\u30fc\u30eb\u30dc\u30c3\u30af\u30b9\u3092\u65e2\u5b9a\u306e\u8a2d\u5b9a\u306b\u30ea\u30bb\u30c3\u30c8\u3057\u307e\u3059\u3002<\/p>\n<ul>\n<li>Set-Mailbox -Identity &lt;MailboxIdentity&gt; -DefaultAuditSet Admin,Delegate,Owner<\/li>\n<\/ul>\n<p>\u30aa\u30d7\u30b7\u30e7\u30f3 2: \u65b0\u3057\u3044\u6a19\u6e96\u30ed\u30b0\u3092\u5404\u30e1\u30fc\u30eb\u30dc\u30c3\u30af\u30b9\u306b\u8ffd\u52a0\u3057\u307e\u3059\u3002\u3053\u306e\u30b3\u30de\u30f3\u30c9\u306f\u3001\u65e2\u5b58\u306e\u30ab\u30b9\u30bf\u30de\u30a4\u30ba\u3092\u4fdd\u6301\u3057\u3066\u3001\u5404\u30e1\u30fc\u30eb\u30dc\u30c3\u30af\u30b9\u306e\u65b0\u3057\u3044\u6a19\u6e96\u30ed\u30b0 (\u306e\u307f) \u3092\u8ffd\u52a0\u3057\u307e\u3059\u304c\u3001\u65e2\u5b9a\u5024\u306b\u5bfe\u3059\u308b\u5c06\u6765\u306e\u5909\u66f4\u306f\u3001\u305d\u308c\u3089\u306e\u5c06\u6765\u306e\u30ed\u30b0\u304c\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f\u3068\u304d\u306b\u8ffd\u52a0\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<ul>\n<li>Set-Mailbox -Identity &lt;MailboxIdentity&gt; -AuditOwner <a href=\"mailto:{@Add=&#038;quot\" >{@Add=&#038;quot<\/a>;MailItemsAccessed&#8221;,&#8221;\u9001\u4fe1&#8221; } -AuditAdmin <a href=\"mailto:{@Add=&#038;quot\" >{@Add=&#038;quot<\/a>;MailItemsAccessed&#8221;,&#8221;\u9001\u4fe1&#8221;} -AuditDelegate <a href=\"mailto:{@Add=&#038;quot\" >{@Add=&#038;quot<\/a>;MailItemsAccessed&#8221;}<\/li>\n<\/ul>\n<p>\u8a73\u7d30\u306b\u3064\u3044\u3066\u306f\u3001\u300c&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/blog\/2023\/07\/19\/expanding-cloud-logging-to-give-customers-deeper-security-visibility\/\" target=\"_blank\" style=\"background-color: rgb(255, 255, 255); font-family: sans-serif; font-weight: 400;\" rel=\"noopener\">Microsoft   \u304c\u30af\u30e9\u30a6\u30c9 \u30ed\u30b0\u3092\u62e1\u5f35\u3057\u3066\u3001\u304a\u5ba2\u69d8\u306b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u53ef\u8996\u6027\u3092\u9ad8\u3081\u308b\u65b9\u6cd5 |Microsoft \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30d6\u30ed\u30b0<\/a><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC711333 | Microsoft Purview | Audit: New logs for Standard users Classification stayInformed Last Updated 01\/ [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4945","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/4945","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=4945"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/4945\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=4945"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=4945"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=4945"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}