Jan 25 2019
- last edited on
Feb 19 2021
I've been looking for a way to audit or monitor changes/deletions/creations of labels in Azure Information Protection. I've enabled log workspace and all the logging through PowerShell module. I made sure the admin is allowed access (thick at the button)
Yet ... when I delete a label, I cannot seem to find out which user it was?
Any ideas or tips? Thanks :)
Jan 26 2019 01:19 PM
Those operations are only audited client-side, unfortunately. So you will need to collect them centrally from each workstation, if you even have access to it. This article can get you started: https://docs.microsoft.com/en-us/azure/information-protection/rms-client/client-admin-guide-files-an...
Jan 29 2019 03:29 AM
The link you sent me tells me how labels are used. What I was looking for is the actions of labels in the Azure Portal. Who creates a label, who modifies a label properties, etc ...
I can't seem to find that information.
Jan 29 2019 11:16 AM
Whoops, I guess I've misunderstood you then. I'm not aware of any logs that list label operations, but if the label is associated with a corresponding Azure RMS template, you can use the RMS audit logs: https://docs.microsoft.com/en-us/azure/information-protection/log-analyze-usage#how-to-access-and-us...