Blog Post

Exchange Team Blog
4 MIN READ

Exchange Online Improvements to Accelerate Replication of Changes to Azure Active Directory

The_Exchange_Team's avatar
The_Exchange_Team
Platinum Contributor
Sep 09, 2019
As part of continued improvements to the Exchange Online service we are releasing an improvement to the User object management experience. Today, when you create or modify user’s properties via Exc...
Updated Aug 25, 2022
Version 12.0
administration
announcements
exchange
exchange online
office 365
scripting
EricM1375's avatar
EricM1375
Copper Contributor
Mar 07, 2024

Not sure I like this. If, like us, you export audit logs to an external SIEM, all you get to see is "ServicePrincipal_xxxxxxx-1d02-4186-aba2-eb1a91866024" made the change  in AD. The Exchange group addition is then somewhere completely different (in time and structure) (and doesn't contain the user name that was added - only the GUID) :sad:

 

Sure I can go and find it in the unified log, but if I'm trying to find out WHO made the change I have to unpick about 5 levels of nesting in the powershell. I can't search on either the name of the distribution group or name of the member. It's not exactly very auditable.  

 

And how long is that kept for?  I have no control over its retention period.