Licensing requirements and contents regarding the AIP dashboard and audit logs

Anonymous
2022-01-03T22:10:08.863+00:00

Hello,

I have some questions about the Azure Information Protection dashboard.

The article below explains how the AIP dashboard can be used to track the discovery, labelling, deletion, and access of files that have been scanned by AIP.

https://learn.microsoft.com/en-us/azure/information-protection/reports-aip

My understanding is that this dashboard does not contain information regarding the movement of labelled data (eg. a labelled file being copied/moved to a different location, uploaded to a cloud application, or sent over email), and that such information will be shown on the DLP dashboard of Microsoft Defender for Cloud Apps dashboard instead. I also understand that if I wanted to view all of the information above in a unified place, I can find that in the audit log:

https://learn.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide

Is my above understanding correct? If so, what are the licensing requirements for the AIP dashboard and the audit log? It looks like the audit log can be accessed with a MS365 E3 subscription (please correct me if I am wrong), but I am not sure about the AIP dashboard (the article I have linked above states that a Log Analytics subscription is needed to view the AIP dashboard, but I am unsure whether this is included in the standard E3 bundle).

Thanks

Azure Information Protection
Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
560 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2022-01-03T23:58:49.64+00:00

    Log Analytics is just the service in Azure so there isn't a Log Analytics subscription. You just need to have an Azure subscription to use Log Analytics so that you can pay for whatever you use. You could use either a regular Azure Pay-As-You-Go subscription or an Azure Enterprise subscription. Then you would create the Log Analytics Workspace in your AIP tenant.

    The E3 Licensing plan should be enough to access the audit logs, but the records are only retained for 90 days if you have a non-E5 license. If you have an E5 license they are retained for a year. I believe this rule still applies to the Preview feature but have reached out to the product team to confirm and will update this thread if anything has changed. For just accessing the logs I believe you should be good with the E3 license though. https://learn.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide

    The AIP audit logs are also sent to the Microsoft 365 Activity Explorer, and to access that you need an E5 subscription.

    https://azure.microsoft.com/en-us/pricing/purchase-options/pay-as-you-go/

    If you want a full cost and licensing breakdown for your specific scenario, I would recommend reaching out to the billing team. https://azure.microsoft.com/en-us/support/options/

    Here is the number for the sales team: 1-855-270-0615

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.