Viva Engage Audit log activities via Purview & the Office 365 Management Activity API

Authored by Richa, Product Manager II on Viva Engage

Auditing and monitoring are critical components of security and compliance strategies for many organizations. As the technology landscape expands with a growing number of systems, endpoints, operations, and regulations, admins need a comprehensive logging and reporting solution. Viva Engage now offers enhanced audit logs, including Entra IDs of users involved in each operation and detailed information on specific modified properties during actions. This helps organizations effectively monitor key administrative activities, such as role management and network configurations, and provides valuable operational insights that help organizations proactively identify and respond to potential issues.

Key Benefits of Audit Logs

Audit logs deliver two primary benefits:

1. Security: Audit logs help detect security breaches or violations. They can also be used to identify misuse of systems. In cases of recovery from incidents or technical issues, logs offer valuable insights about which actions were taken.
2. Compliance: Many sectors, such as finance, healthcare, and government, mandate audit logs to meet regulatory standards. These logs provide proof of compliance, ensuring that organizations meet industry-specific regulatory requirements.

Viva Engage Auditing Solutions

The auditing solutions in Viva Engage offer a streamlined way to manage security events, conduct forensic investigations, and meet compliance obligations. Every user and admin operation within Viva Engage is logged and accessible in your organization’s unified audit log. These records are searchable by security and compliance teams, providing essential visibility into activities across Viva Engage and the Microsoft 365 environment.

The Viva Engage auditing solutions address several key customer needs:

• Visibility into who accessed what, when, and how within Viva Engage.
• Clear tracking of role assignments, policy and configuration changes.
• Tools to investigate potential risks, or compliance violations.

How to Access Viva Engage Audit Logs

There are two primary ways to access these audit logs in your tenant:

1. Microsoft 365 Security & Compliance Portal:
The Microsoft Purview Compliance portal is the main hub for audit logs. You can search for and export logs via the graphical interface or PowerShell (as explained here in detail).

• • Steps to view logs:
    1. Log into the Microsoft Purview compliance portal.
    2. Navigate to "Audit" in the left-hand pane.
    3. Follow the instructions for searching the audit logs in the Follow the instructions for searching the audit logs in the Purview Portal using the filters explained in the "Get started with search" section of Search the audit log. Make sure to select the ‘Yammer’ workload for searching Viva Engage audit logs.

The reference to ‘Yammer” workload will be updated to reference Viva Engage once final branding changes are complete.

2. Office 365 Management Activity API:
The Office 365 Management Activity API enables you to retrieve Viva Engage audit log data programmatically. This API organizes actions and events into tenant-specific data, classified by content type. For Viva Engage, this data falls under the "Audit.General" category. Refer to Office 365 Management Activity API reference | Microsoft Learn for further details.

Viva Engage Audit Log Schema

Each captured Viva Engage audit log includes specific schema parameters detailing the activities, sources, and actions associated with each logged event. The audit logs utilize both the Common schema, and the Viva Engage schema. While the  Common schema provide comprehensive property details used across all products and services, additional property details specific to Viva Engage can be found in the Yammer schema.

The reference to the "Yammer schema” will be revised to "Viva Engage" upon the completion of the final branding updates.

Below is a sample event of a corporate communicator role assignment in Viva Engage:

{ "UserId": "admin@nodomain.com", "ActorYammerUserId": 123456789, "ActorUserId": "admin@nodomain.com",   "YammerNetworkId": 987654321, "Version": 1,"Id": "68478c34-e1bd-49ec-9e14-8c0b21937f44", "RecordType": 22, "CreationTime": "2024-11-5T19:13:49", "Operation": "AddUserRole", "OrganizationId": "6dt6h36d-498f-4b31",  "UserType": 0, "UserKey": "hdcsssc3-800a-46d2-a48e-f6ddf786fde1", "Workload": "Yammer", "ResultStatus": "TRUE", "ObjectId": "", "ClientIP": "", "ModifiedProperties": [ {"Name": "UserRoles", "OldValue": "", "NewValue": "Corporate    Communicator"} ], "TargetUserId": "janedoe@nodomain.com", "TargetYammerUserId": 78654329612, "TargetObjectId": "rwt528ch-a1f3-475b-a6a0-d5323ab743fb", "TargetUserRole": "corporate_communicator" }

Viva Engage Audit Log Enhancements

We have recently added and updated key admin audit logs in Viva Engage to capture actions such as promoting and demoting admin roles, changing custom usage policies, and enabling Leadership Corner, aimed at improving audit and compliance. For a complete list of Viva Engage audit log activities, refer to the Viva Engage activities section.

Additional Resources

• Get started with auditing solutions | Microsoft Learn
• Search the audit log | Microsoft Learn
• Audit log activities | Microsoft Learn
• Office 365 Management Activity API reference | Microsoft Learn
• Track Viva Engage events in the Microsoft 365 audit log and with the Management Activity API | Microsoft Learn

These resources offer further guidance on leveraging audit logs to monitor Viva Engage activities effectively. Thanks for reading!