Security and Compliance, Rights Management.

Iron Contributor

Hey Team, 

 

I would like to know if there is a log file i can check to see who may have disabled "Rights Management" in our test tenant? Some background

 

We had Rights Management enabled in our Test tenant, and had several different and have several different sensitivity labels configured, yesterday i tried to edit one of them and then upon saving got the following error: 

 

"Rights Management is not enabled for the tenant" 

 

Upon investigation it was determined that the tenant had been deactivate for rights management. How can i tell who disabled it? 

 

I have already tried using the unified-auditlogs and searching for the cmdlet Disable-AipService but it doesn't seem to provide any results? 

 

Is logging itself not enabled? It appears to be, but i cant be sure. 

 

Thanks, 

 

Robert 

3 Replies

If there's nothing in the logs, you're out of luck. You can still try opening a support ticket and ask them to check.

@Vasil Michev 

 

Thanks for the response as always. I checked the Unified Audit log and didnt see anything of value there. I see all kinds of log being generate but not what i need. 

 

I also checked 

 

Get-AipServiceUserLog -Path c:\temp\azusrlogs -fromdate 11/01/2020 -todate 01/15/2021 -numberofthreads 10

 

Some good data was reported here, but not quite what i am looking for. Can you think of any other place i might be able to check? Specifically what i am looking for is who ran the "Disable-AIPService" or Disabled AIP using the GUI. 

 

I guess at this point i can open a support ticket as you've suggested. but i was just trying to avoid it. 

 

Thanks, 


Robert 

@Vasil Michev 

Upon further review this is what i see from the AIPserviceAdminLog: 

 

2021-01-13T00:37:56 admin.myaccount@ourtesttenant.com SetTenantFunctionalState -functionalState Enabled Passed TRUE

 

I don't see any other entries that might for example say, Functional State Disabled Passed TRUE. 

 

Thanks, 

 

Robert