Microsoft Viva Engage (Yammer): Enhanced audit log schema
Microsoft Viva Engage (Yammer) will update its audit log schema to include unique identifiers for the user performing an action (actor) and the user/object affected (target), along with a parameter to capture old and new values of modified fields. These changes will be available for E3 license users and will roll out by late December 2024. Admins should update documentation and scripts accordingly.
Coming soon to Microsoft Viva Engage (Yammer): We will update the audit log schema to include parameters that uniquely identify both the user performing an action (actor) and the user/object affected by that action (target).
After this rollout:
- The actor will be identified by their unique Microsoft Entra ID
ObjectId
, stored in theUserKey
field. - The target will be identified by a new parameter
TargetObjectId
that will also store the target’s Entra IDObjectId
. - To improve transparency on changes to admin roles and other key scenarios, a new
ModifiedProperties
parameter will capture both the old and new values of modified fields.
These new parameters will be available for users with an E3 license.
When this will happen:
General Availability (Worldwide): We will begin rolling out end-November 2024 and expected to complete by late December 2024.
How this will affect your organization:
After this rollout, for admins querying audit logs in the Microsoft Purview compliance portal (Microsoft Purview compliance portal > System > Audit), the UserKey
will represent the Entra ID ObjectId
of the actor. If you are using Microsoft PowerShell commands or custom scripts, please ensure that you are retrieving the correct value for UserKey
to identify the actor. Also, ensure any scripts that need to identify the target are using TargetObjectId
.
Before the rollout, UserKey
was populated with the target user’s Passport ID, so existing queries using this parameter may need to be updated. No Entra ID ObjectId
was available to uniquely identify users (actor and target).
After the rollout: The UserKey will be mapped to the Entra ID ObjectId of the user performing the action. The new TargetObjectId
parameter will capture the Entra ID ObjectId of the user affected by the action, and the ModifiedProperties
field will hold the old and new values for any modified fields.
Field changes
Name | Mandatory (Yes/no) | Old mapping | New mapping |
---|---|---|---|
UserKey |
Yes | Passport ID of the user | Entra ID ObjectId of the actor |
New fields
Name | Mandatory (Yes/no) | Mapping and description |
---|---|---|
TargetObjectId |
No | Entra ID ObjectId of the target user. Blank if not applicable. |
ModifiedProperties |
No | Captures the old and new values of any modified fields during an operation. This is particularly relevant for admin events, such as adding a user as an admin or removing someone from an admin role. |
As we apply these changes to the Viva Engage (Yammer) workload audit logs, the UserKey
field will be updated immediately to reflect the Entra ID ObjectId
of the actor in all audit logs. The new fields TargetObjectId
and ModifiedProperties
will only be populated for admin-specific audit logs and events. These include actions such as promoting or demoting users to Corporate Communicator, Network Admin, Verified Admin, Yammer Admin roles, as well as enabling or disabling Leadership Corner and setting or updating custom usage policies.
This change will be on for admins who have already enabled it. For everyone else, this change will be off by default and available for admins to configure.
What you need to do to prepare:
To ensure a smooth transition, we recommend notifying your users about this update and updating any relevant documentation to incorporate these changes.
This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization.
Learn more: Search the audit log | Microsoft Learn
Message ID: MC917742