MC917742 - Microsoft Viva Engage (Yammer): Enhanced audit log schema

Service

Microsoft Viva

Published

Oct 24, 2024

Tag

Feature update
Admin impact

Summary

Microsoft Viva Engage (Yammer) will update its audit log schema to include unique identifiers for the user performing an action (actor) and the user/object affected (target), along with a parameter to capture old and new values of modified fields. These changes will be available for E3 license users and will roll out by late December 2024. Admins should update documentation and scripts accordingly.

More information

Coming soon to Microsoft Viva Engage (Yammer): We will update the audit log schema to include parameters that uniquely identify both the user performing an action (actor) and the user/object affected by that action (target).

After this rollout:

  • The actor will be identified by their unique Microsoft Entra ID ObjectId, stored in the UserKey field.
  • The target will be identified by a new parameter TargetObjectId that will also store the target's Entra ID ObjectId.
  • To improve transparency on changes to admin roles and other key scenarios, a new ModifiedProperties parameter will capture both the old and new values of modified fields.

These new parameters will be available for users with an E3 license.

When this will happen:

General Availability (Worldwide): We will begin rolling out end-November 2024 and expected to complete by late December 2024.

How this will affect your organization:

After this rollout, for admins querying audit logs in the Microsoft Purview compliance portal (Microsoft Purview compliance portal > System > Audit), the UserKey will represent the Entra ID ObjectId of the actor. If you are using Microsoft PowerShell commands or custom scripts, please ensure that you are retrieving the correct value for UserKey to identify the actor. Also, ensure any scripts that need to identify the target are using TargetObjectId.

Before the rollout, UserKey was populated with the target user's Passport ID, so existing queries using this parameter may need to be updated. No Entra ID ObjectId was available to uniquely identify users (actor and target).

After the rollout: The UserKey will be mapped to the Entra ID ObjectId of the user performing the action. The new TargetObjectId parameter will capture the Entra ID ObjectId of the user affected by the action, and the ModifiedProperties field will hold the old and new values for any modified fields.

Field changes

Name Mandatory (Yes/no) Old mapping New mapping
UserKey Yes Passport ID of the user Entra ID ObjectId of the actor

New fields
Name Mandatory (Yes/no) Mapping and description
TargetObjectId No Entra ID ObjectId of the target user. Blank if not applicable.
ModifiedProperties No Captures the old and new values of any modified fields during an operation. This is particularly relevant for admin events, such as adding a user as an admin or removing someone from an admin role.

As we apply these changes to the Viva Engage (Yammer) workload audit logs, the UserKey field will be updated immediately to reflect the Entra ID ObjectId of the actor in all audit logs. The new fields TargetObjectId and ModifiedProperties will only be populated for admin-specific audit logs and events. These include actions such as promoting or demoting users to Corporate Communicator, Network Admin, Verified Admin, Yammer Admin roles, as well as enabling or disabling Leadership Corner and setting or updating custom usage policies.

This change will be on for admins who have already enabled it. For everyone else, this change will be off by default and available for admins to configure.

What you need to do to prepare:

To ensure a smooth transition, we recommend notifying your users about this update and updating any relevant documentation to incorporate these changes.

This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization.

Learn more: Search the audit log | Microsoft Learn

Track Viva Engage events in the Microsoft 365 audit log and with the Management Activity API | Microsoft Learn