Auditing when an exclusion is added or removed from Azure ATP

Brogie · ‎Jan 20 2021

Trying to ascertain where the configuration in Azure ATP is stored that changes in exclusions can be logged for alerting and or review?

Eli Ofek · ‎Jan 20 2021

@Brogie
Currently it is audited in the backend and not customer visible directly.

In case of need , open a support case with the specific data you are interested in from the audit logs,
And the data will be pulled for you from the backend.

I am aware that this is planned to be changed at some point and this data is planned to be customer visible, but can't tell you when and how exactly...

Brogie · ‎Jan 20 2021

@Eli Ofek Thanks, is there a capability to export the config to JSON similar to ATA which then I could do compares of the configs at different points in time?

Eli Ofek · ‎Jan 21 2021

@Brogie Officially no, But unofficially , F12 dev tools might work for what you want, although far from optimal.

Przem0 · ‎Jun 29 2022

Hi @Eli Ofek,

It's quite old issue with auditing but is it already available for customers?

Eli Ofek · ‎Jun 29 2022

No, there are concrete plans to add it to the new portal (security.microsoft.com) to M365 Auditing,
But no ETA that I can share yet, sorry.

Auditing when an exclusion is added or removed from Azure ATP

Auditing when an exclusion is added or removed from Azure ATP

Re: Auditing when an exclusion is added or removed from Azure ATP

Re: Auditing when an exclusion is added or removed from Azure ATP

Re: Auditing when an exclusion is added or removed from Azure ATP

Re: Auditing when an exclusion is added or removed from Azure ATP

Re: Auditing when an exclusion is added or removed from Azure ATP

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Auditing when an exclusion is added or removed from Azure ATP