Audit Logs
5 Topics

Size of the Microsoft Purview Audit Log for sizing SIEM / Splunk Storage
Hi there, we plan to export our M365 Audit Logs into a Splunk solution. The license cost is based on the storage needed. My questions:
- Is there a way to assess the storage used by our Audit logs in Microsoft Purview?
- Is there a way to calculate the storage needed for a number of users in a given time, e.g. per day/week for heavy, medium, low M365 usage? I only need rough numbers.
- Does anybody have experience or numbers of their export to a SIEM system?
Any support highly appreciated. Thanks, Franck

643 Views, 1 like, 0 Comments

Audit logs - "Denied access request" - What does this mean exactly?
I'm in Purview and looking at the filterable activities under Audit and I run across "Denied access request." Looking at the description in the docs, it says "An access request to a site, folder, or document was denied." I think this description is a bit vague and I was wondering if someone can explain which of my understandings is the right one. I think it either logs:
A) A user with insufficient permissions tries to access a resource and is greeted by a "You don't have enough permissions" screen. (User attempt is logged?)
B) A user with insufficient permissions tries to access a resource and is greeted by a "You don't have enough permissions" screen. The user then clicks on the button on the screen to request access. The owner/admin of the resource sees the request then intentionally denies it. (Owner denying is logged? Or User being denied is logged?)

Solved, 2.5K Views, 0 likes, 2 Comments

Audit logs for access attempts
Just wondering if the audit activities "Accessed file" and "Used secure link" are logged for when a user with insufficient permission to view the file/link attempts access. Or does the logging only happen on successful file access and viewing of the secure link respectively?

Solved, 1.9K Views, 0 likes, 3 Comments

Create an Audit for all sites associated to a Hub Site
There is a specific Hub Site that we created for documents that we have migrated from a legacy system to be reviewed by staff. There are over 20 sites associated with the Hub Site. We pull Audit Searches of activity for use with a PowerBI that we use to help determine activity and volume of usage. I was hoping that there is an easier way to pull the Audits for all of the sites associated with the Hub Site rather than having to pull an audit log for each and every single site.

376 Views, 0 likes, 0 Comments

Audit logs for a change made in SP Admin Center didn't show a change from modern auth to legacy auth
I was performing an audit in Microsoft Purview, https://compliance.microsoft.com/auditlogsearch?viewid=Async%20Search. I did a New Search (preview) and I selected a person to "monitor" who was granted access to heightened security. I was monitoring to see what they might be doing and/or if they were making changes. I did the audit on the account and for the date as "current" as possible. I ran the search, and it didn't show me that they changed from modern authentication to legacy authentication. I noticed it when they told me. The area is here: https://xxxxxxxxx-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/accessControl/LegacyAuthentication

Is there a way to have the auditing check the admin centers for admins performing work and changing things? Thank you. Matt

734 Views, 0 likes, 0 Comments