Activity explorer should support cross-platform audit logs for sensitivity labels
Provide a central logging service for all sensitivity labeling logs
Central logging of AIP actions is now available in preview.
See https://docs.microsoft.com/en-us/azure/information-protection/reports-aip for additional information.
kazu kojima commented
OfficeOnline does not output changing label, deleting label, or any logs to Central logs.
We would like to confirm OfficeOnline logs like those of each client application.
Still need Admin/superuser logs. I know these are available through cmdlets, however, for them to actually be useful they need to be available at the same location as the AIP client logs.
Admin Audit Log Events are missing in these new reports, i.e. when an admin changes Label settings or even deletes a label, this is not logged.
Is it on the roadmap to publish a Central Log API for AIP? We are planning to use a 3rd party SIEM, and this would be a great addition.
Ron Manns commented
Implement the collection of statistics (number of labels assigned, specific user tracking, tracking by associated groups, etc.) and the ability to generate reports, handle incidents (revocations, unauthorized access, etc.), and analysis.
Allan Ruiz commented
It's currently in private preview
Good morning, do you have any update on this?
Any update apart from working on it for a year?
Take a look at the following
Hi all, is it possible to get the document file names included in AIP Reports please? This feature is useful if we are looking at any potential information loss or a function that is not categorising information correctly.
Thanks in advance.
Samuel Gaston-Raoul commented
Add additional information in AIP logs:
1 - Azure RMS content-id when data is labeled with RMS protection in order to be able to link AIP logs & Azure RMS logs to really trace easily data in the entire life cycle, in SIEM for example (classification, change of classification or protection... then access to data…),
2 - If possible, also the precision of the rights applied in case of custom protection / permission.
Bill Hughes commented
AIP logs for both administrative activities and usage activities should be provided in a format and technology that is easily integrated with a SIEM.
A configuration similar to what is in Defender ATP would be great, i.e.: https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection
Pedro A. commented
This is a must, as relying on OME agent to gather information can be faulty and for BYOD near impossible.
Provide a graph or logging API as a feed into analytics engines