Auditing when an exclusion is added or removed from Azure ATP

Brass Contributor

Trying to ascertain where the configuration in Azure ATP is stored that changes in exclusions can be logged for alerting and or review?

5 Replies

@Brogie 
Currently it is audited in the backend and not customer visible directly.

In case of need , open a support case with the specific data you are interested in from the audit logs, 
And the data will be pulled  for you from the backend.

I am aware that this is planned to be changed at some point and this data is planned to be customer visible, but can't tell you when and how exactly...

@EliOfek  Thanks, is there a capability to export the config to JSON similar to ATA which then I could do compares of the configs at different points in time?

@Brogie  Officially no, But unofficially , F12 dev tools might work for what you want, although far from optimal.

Hi @EliOfek,

It's quite old issue with auditing but is it already available for customers?

No, there are concrete plans to add it to the new portal (security.microsoft.com) to M365 Auditing,
But no ETA that I can share yet, sorry.