MC1169075 - Microsoft 365 Admin Center: Admin Audit logs in Purview

Message ID

MC1169075

View in Message Center

Service

Microsoft Purview

Last Updated

Oct 28, 2025

Published Oct 9, 2025

Tag

New feature

User impact

Admin impact

Roadmap ID

498227

View in M365 Roadmap

Platforms

Web

Summary

Microsoft 365 now logs admin activities related to Copilot agent management in Microsoft Purview Unified Audit Logs, enhancing security visibility. This feature, enabled by default from late October to mid-November 2025, captures actions like deploy, update, and setting changes, accessible via the Purview Portal without extra configuration.

More information

Updated October 28, 2025: We have updated the content. Thank you for your patience.

Introduction

Admin activity related to agent management will now be logged in Microsoft Purview Unified Audit Logs. This enhancement improves visibility and traceability for security teams managing Copilot agents across Microsoft 365 services.

This message is associated with Microsoft 365 Roadmap ID 498227.

When this will happen:

General Availability (Worldwide): Rollout will begin in late October 2025 and is expected to complete by mid-November 2025.

Category	Actions	Record Types	Release Timeline
Agent Management	Block, Unblock, Deploy, Update, Remove	`AgentAdminActivity`	October

Category	Actions	Record Types	Release Timeline
Agent Management	Publish, Reject, Delete	`AgentAdminActivity`	November
Agent Tenant Settings	Tenant agent setting, 1P, 3P and LOB Toggle	`AgentSettingsAdminActivity`	November

How this affects your organization:

Who is affected:Admins managing Microsoft Copilot agents in Microsoft 365 environments.

What will happen:

Admin actions such as publishing, deploying, removing, and updating agents will be logged.
Changes to agent settings at both tenant and agent levels will be captured.
Audit schema includes key data points such as agent name, agent type, and admin ID.
Logs will be accessible via the Purview Portal.
Feature is enabled by default; no configuration required.

Screenshot 1 - Search view in the new Microsoft Purview Unified Audit Log:

user settings

Screenshot 2 - Details view in the new Microsoft Purview Unified Audit Log:

user settings

What you can do to prepare:

Security teams can begin searching and reviewing agent-related admin actions in the Purview Portal.
Familiarize yourself with audit log search capabilities in Purview.
No additional configuration is required to enable logging.

Compliance considerations:

Question	Answer
Does the change alter how existing customer data is processed, stored, or accessed (e.g. documents, emails, chats, etc.), if so how and to what extent?	Yes – Admin actions related to agent management are now logged, increasing visibility into operational activities.
Does the change modify, interrupt, or disable any of the following capabilities (Purview): Audit logging capabilities?	Yes – Adds new audit events specific to agent management in Purview Unified Audit Logs.
Does the change alter how admins can monitor, report on, or demonstrate compliance activities e.g. Purview or admin reporting, if so summarize the changes?	Yes – Admins gain new visibility into agent-related actions, improving compliance reporting and audit traceability.
Does the change include an admin control and, can it be controlled through Entra ID group membership?	Yes – Logging is automatic, but access to audit data is controlled via Purview permissions, which can be scoped using Entra ID groups.