
Microsoft 365 Blog

Tracking Cloud Policy service and Cloud Update changes in Microsoft Purview Audit

chhopkin
Dec 05, 2024

The Cloud Policy service and Cloud Update are features in the Microsoft 365 Apps admin center designed to keep your devices managed and up to date. While keeping the Microsoft 365 Apps current and configured according to organizational standards, there might be times you need to track down when a certain change was implemented or by whom.

Based on customer feedback, we are happy to announce that you can now track and audit changes in the Cloud Policy service and Cloud Update using Microsoft Purview auditing solutions, if auditing is enabled. For Cloud Policy service, this includes changes to the policy configuration, such as name, description, priority, and individual policy settings. For Cloud Update, it covers changes to the profile's configuration, tenant-wide settings (e.g., device exclusions), and actions triggered for devices. Additionally, among other things, the date, time, and user account making the change are recorded.

This blog post shows you how to use Purview Audit to review changes in the mentioned services. We will cover two methods: using the Purview user interface and using PowerShell. Both require Purview auditing to be enabled, access to the Purview portal, and specific permissions to search and view the audit log.

Microsoft Purview portal

One option is to use the Microsoft Purview portal to search for recorded activities. After signing in, navigate to Audit Search. Create a search for activities using either friendly names, operation names, or any combination of these. Refer to our documentation for a comprehensive list of Cloud Policy service activities and Cloud Update activities along with their respective names.

After completing the search, you can review the list of results and examine each item. The data points include date, time, user account associated with the change, and audit data that contains the specific change.

 

The above example shows the AuditData for an UpdatedPolicyOperation. It includes details like the policy configuration’s name, description, and targeted groups. Additionally, it lists three new policies with their PolicyID, names, and set values.

Full schema descriptions are available for Cloud Policy service and Cloud Update. They list all values used by each service, including a description and any custom enumerations.

Microsoft PowerShell

Microsoft PowerShell can also be utilized to connect to the Purview service and execute audit searches. After configuration, the Search-UnifiedAuditLog command can be employed to conduct searches and display results on the console or pipe them into files.

 

 

The example above displays the results of an Audit log search for a Cloud Update event. In this case, the audit captured changes to tenant-wide settings concerning configured exclusion windows and device exclusions. It details the names, settings, and specific start and end dates, as well as the user account that made the change and the time it was made. As in the Microsoft Purview portal, the results use specific schemas for Cloud Policy service and Cloud Update.
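The PowerShell route described in this section, sketched as an added example that is not part of the original post: it connects with the ExchangeOnlineManagement module, pages through `Search-UnifiedAuditLog` results for the `UpdatedPolicyOperation` activity named earlier, and flattens the common audit fields for review. The 30-day window, the session ID prefix, and the output file name are assumptions; take further operation names from the documented activity lists.

```powershell
# Added example (not from the original post). Requires the ExchangeOnlineManagement
# module and an account that is permitted to search the audit log.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Operation name taken from the post; add others from the documented activity lists.
$operations = @('UpdatedPolicyOperation')
$start      = (Get-Date).AddDays(-30)   # assumed look-back window
$end        = Get-Date
$sessionId  = "CloudPolicyAudit-$(Get-Date -Format 'yyyyMMddHHmmss')"   # assumed naming

# Page through the result set; a single call returns at most 5,000 records,
# and reusing the same SessionId fetches the next page.
$records = @()
do {
    $page = @(Search-UnifiedAuditLog -StartDate $start -EndDate $end `
        -Operations $operations -SessionId $sessionId `
        -SessionCommand ReturnLargeSet -ResultSize 5000)
    $records += $page
} while ($page.Count -gt 0)

# ReturnLargeSet returns unsorted data and paging can repeat rows,
# so de-duplicate on the record identity and sort by time.
$changes = $records |
    Sort-Object Identity -Unique |
    ForEach-Object {
        # AuditData is a JSON string; these fields come from the common audit schema.
        $data = $_.AuditData | ConvertFrom-Json
        [pscustomobject]@{
            TimeUtc   = [datetime]$data.CreationTime
            User      = $data.UserId
            Operation = $data.Operation
            Workload  = $data.Workload
            RecordId  = $data.Id
            AuditData = $_.AuditData   # keep the raw JSON for the service-specific details
        }
    } |
    Sort-Object TimeUtc

# Show who changed what and when, and keep a copy for later review.
$changes | Format-Table TimeUtc, User, Operation -AutoSize
$changes | Export-Csv -Path .\cloud-policy-changes.csv -NoTypeInformation -Encoding UTF8

Disconnect-ExchangeOnline -Confirm:$false
```

The service-specific part of each record (policy names, set values, exclusion windows) stays in the raw `AuditData` column; interpret it against the Cloud Policy service and Cloud Update schema descriptions.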

Additional Resources

For more information about Purview Audit, see Learn about auditing solutions in Microsoft Purview.

For more information about using Search in the Purview Audit portal, see Search the Purview Audit log.

For additional information about the Cloud Policy service, refer to Overview of the Cloud Policy service for Microsoft 365.

For additional information about the Cloud Update service, refer to Overview of cloud update for Microsoft 365 Apps.

A full list of tracked activities is available for both Cloud Policy service and Cloud Update.

For more information on the schemas used, refer to Office 365 Management Activity API schema.

  • The ability to track Cloud Policy service and Cloud Update changes through Microsoft Purview Audit is a crucial step in enhancing transparency and control within the Microsoft 365 ecosystem. This feature empowers organizations to monitor changes made to cloud policies and updates, ensuring better compliance and visibility into configurations across devices. By enabling detailed audits, businesses can pinpoint changes made, track user actions, and maintain accurate records—helping streamline policy management and troubleshooting.

    For organizations looking to optimize and integrate Microsoft 365 solutions effectively, working with organisations and people who can guide the setup and customization of these powerful tools is essential. Companies like Charter Global help businesses harness the full potential of Microsoft 365, from seamless integration to enhanced monitoring and reporting. With their tailored approach, businesses can ensure that they’re leveraging Microsoft’s cloud and security features to improve efficiency, governance, and compliance across their digital environments.