MicrosoftMicrosoftThis is a giant L if not implemented properly. As it stands there is a complete lack of crossover between AAL and MAL entries when compared to the UAL in certain instances. For example, the UAL does not track inbox rule creation on delegates in the same way that the AAL does and losing the indications this logging provides could have some pretty major consequences.
The biggest issue here is of course that you (Microsoft) only turn the UAL on by default for certain licensing levels meaning that if an admin does not enable it at the creation of the tenant then forensic teams would be SOL on any form of logging aside from message traces which is unacceptable. You (again, Microsoft) all just made a big show of expanding in-depth logging capabilities across all tenants because it was acknowledged that forensic data should be more open and available and now we are going 2 steps backwards with this change by potentially cutting off access to all logging if a setting (which you could enable by default for all tenants) is not turned on.
