Audit changes to labels and policies in Azure Information Protection

Question

Hello&nbsp;I've been looking for a way to audit or monitor changes/deletions/creations of labels in Azure Information Protection.&nbsp;&nbsp;&nbsp; I've enabled log workspace and all the logging through PowerShell module.&nbsp;&nbsp;I made sure the admin is allowed access (thick at the button)&nbsp; &nbsp;&nbsp;Yet ... when I delete a label, I cannot seem to find out which user it was?&nbsp;&nbsp;Any ideas or tips?&nbsp;&nbsp; Thanks&nbsp; 🙂

vasilmichev · Answer

Those operations are only audited client-side, unfortunately. So you will need to collect them centrally from each workstation, if you even have access to it. This article can get you started: https://docs.microsoft.com/en-us/azure/information-protection/rms-client/client-admin-guide-files-and-logging

daviddevosstars · Answer

Hi Vasil&nbsp;The link you sent me tells me how labels are used.&nbsp;&nbsp; What I was looking for is the actions of labels in the Azure Portal.&nbsp;&nbsp; Who creates a label, who modifies a label properties, etc ...&nbsp;I can't seem to find that information.&nbsp;&nbsp;

vasilmichev · Answer

Whoops, I guess I've misunderstood you then. I'm not aware of any logs that list label operations, but if the label is associated with a corresponding Azure RMS template, you can use the RMS audit logs: https://docs.microsoft.com/en-us/azure/information-protection/log-analyze-usage#how-to-access-and-use-your-azure-rights-management-usage-logs

Forum Discussion

Audit changes to labels and policies in Azure Information Protection

Share

Resources