Feb 13 2018 08:13 AM
Feb 13 2018 08:13 AM
Hello
For a collaboration solution with strict site governance based on SharePoint Online, we were planning to leverage CAS to notify the operations team when a site owner changes the access request settings of his site. There are two activities related to these access request settings:
WebMembersCanShareModified and
WebRequestAccessModified.
We've noticed, however, that neither of them appears in the Activity log of CAS, although both can be found in the audit logs of the Security and Compliance center. What's even more confusing is that the Activity Type field of CAS contains both activities and allows filtering and defining policies based on them, whereas the audit logs of the Security and Compliance Center do not allow alert definition based on these two. This seems particularly odd.
Is it true that not all SharePoint activities appears in CAS and
can we expect a solution in order to be able to detect the modification of the access request settings and send out an alert?
Thanks a lot.
John
Mar 02 2018 12:54 PM
@Niv Goldenberg can you provide any insight?
May 09 2018 04:44 AM
Hi @Deleted,
I'm seeing the same thing not only for SharePoint Online but also for other things like Sway or device/network access policy. I was hoping to find an overview of all the Audit log features compared to (M)CAS. I found one for the Audit log but not for CAS.
Hope someone has an answer for this.
May 16 2018 05:37 AM
Hi John,
New SharePoint Online activities were recently added to CAS. They include the activities you mentioned, so you can now create policies and alerts on those activities.
In general, the goal is to add all SharePoint Online activities to CAS. It might take some time to add new activities, but they will be added.
Eran
May 16 2018 05:47 AM
@Eran Chencinskithat is good news, when you do that, could you please make sure to use the attributes from Azure AD, instead of from the unified audit log in O365. I have noticed differences, and the AAD log is more helpful.