There are currently 2247 Cloud Policies in the Microsoft 365 Apps Admin Center.
Changes to the policies are now recorded in the Purview Audit Logs. Since Microsoft notifies admins with a message, it can be inferred that changes to the cloud policies were not logged previously, at least not in a way that was usable to administrators.
Changes made to policy configurations (create, update, delete) will be stored in Purview Audit, allowing admins to search and review change history. These logs will be available to Purview Audit Standard Users.
For Cloud Policies, there is a new workload called CloudPolicyService in the Purview Audit Logs for filtering.
The workload records four activities:
- Created policy configuration
- Deleted policy configuration
- Updated policy configuration
- Updated policy configuration priority
I did a test evaluation.
The summary includes the four activities. Before Microsoft’s introduction of Cloud Policy activities in audit logs, changes from the past are documented with an alternative description.
Audit logs typically capture changes associated with each activity in a JSON format.
{
"Current_Name": "Default Tenant Policy",
"Previous_Name": "Default Tenant Policy",
"Current_Description": "Default Tenant Policy",
"Current_CPSScope": 1,
"Changes_in_Configured_Settings": {
"Create Loop workspaces in Loop": "{\"AllowOverride\":false,\"App\":\"office16\",\"Class\":\"User\",\"Enabled\":true,\"Key\":\"common\\\\loop\",\"RegKeyFullPath\":\"microsoft\\\\office\\\\16.0\\\\common\\\\loop\",\"MaxVersion\":null,\"MinVersion\":null,\"Name\":\"Create Loop workspaces in Loop\",\"Platform\":\"Win32\",\"SettingId\":\"office16;L_Loop_App\",\"Type\":\"REG_DWORD\",\"Value\":\"1\",\"ValueName\":\"Loop_App\",\"Version\":null,\"IsVersionNeutral\":\"False\",\"ParentSettingId\":\"office16;L_Loop_App\",\"ApplicablePlatforms\":[\"Win32\",\"Mac\",\"iOS\",\"Android\",\"Web\"],\"DocVersion\":\"1.0\"}"
},
"Current_Number_of_Policies_Configured": 1,
"Current_Priority_Value": 3
}
