Audit changes to labels and policies in Azure Information Protection

Hello

I've been looking for a way to audit or monitor changes/deletions/creations of labels in Azure Information Protection. I've enabled log workspace and all the logging through the PowerShell module. I made sure the admin is allowed access (tick at the button)

Yet ... when I delete a label, I cannot seem to find out which user it was?

Any ideas or tips? Thanks :)

3 Replies

Those operations are only audited client-side, unfortunately. So you will need to collect them centrally from each workstation, if you even have access to it. This article can get you started: https://docs.microsoft.com/en-us/azure/information-protection/rms-client/client-admin-guide-files-an...

Hi Vasil

The link you sent me tells me how labels are used. What I was looking for is the actions of labels in the Azure Portal. Who creates a label, who modifies a label's properties, etc ...

I can't seem to find that information.

Whoops, I guess I've misunderstood you then. I'm not aware of any logs that list label operations, but if the label is associated with a corresponding Azure RMS template, you can use the RMS audit logs: https://docs.microsoft.com/en-us/azure/information-protection/log-analyze-usage#how-to-access-and-us...