Microsoft Purview compliance portal: Audit logs for agent management in Microsoft 365 admin center

🚨 The Signal: Microsoft Purview now audits all administrative actions related to agent management in Microsoft 365. This provides critical visibility into who is configuring, publishing, or removing AI agents, enhancing accountability and compliance.

The Impact

Security teams and auditors are affected, gaining crucial visibility into AI agent management activities, reducing insider threat risk.

• Security Teams: Gain audit trails for AI agent changes, reducing blind spots.
• Auditors: Can now verify compliance with AI agent governance policies.
• Compliance Officers: Enhanced ability to demonstrate regulatory adherence for AI deployments.
• AI Governance Teams: Improved oversight of agent lifecycle management.

The Action

1. Review existing Purview audit log retention policies to ensure agent management activities are captured for the required duration.
2. Familiarise security and audit teams with the new audit log categories for agent management within the Purview compliance portal.
3. Integrate agent management audit logs into security information and event management (SIEM) systems for centralised monitoring and alerting.
4. Develop or update incident response playbooks to include investigation steps for suspicious agent management activities.

Domain: Agentic-AI · Impact: high · Workload: Microsoft Purview · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898