หมายเหตุ
การเข้าถึงหน้านี้ต้องได้รับการอนุญาต คุณสามารถลอง ลงชื่อเข้าใช้หรือเปลี่ยนไดเรกทอรีได้
การเข้าถึงหน้านี้ต้องได้รับการอนุญาต คุณสามารถลองเปลี่ยนไดเรกทอรีได้
The Purview portal provides access to audit reports via activity explorer. These reports provide visibility on the labels users apply, manually or automatically, across any applications that have integrated the MIP SDK. Development partners leveraging the SDK can easily enable this functionality, allowing information from their applications to surface in customer reports.
Event Types
There are three types of audit events that can be sent via the SDK. Heartbeat events, discovery events, and change events
Heartbeat Events
Heartbeat events are generated automatically for any application that has integrated the Policy SDK. Heartbeat events include:
- TenantId
- Time Generated
- User Principal Name
- Name of the machine where the audit was generated
- Process Name
- Platform
- Application ID - Corresponds to the Microsoft Entra Application ID.
These events are useful in detecting applications across your enterprise that are using the Microsoft Information Protection SDK.
Discovery Events
Discovery events provide information on labeled information that is read or consumed by the Policy SDK. These events are useful as they surface the devices, location, and users who are accessing information across an organization.
Discovery events are generated in the Policy SDK, by setting a flag when creating the mip::PolicyHandler object. In the example below, the value for isAuditDiscoveryEnabled is set to true. When mip::ExecutionState is passed to ComputeActions() or GetSensitivityLabel() (with existing metadata information and content identifier), discovery information will be submitted to Microsoft Purview activity explorer.
The discovery audit is generated once the application calls ComputeActions() or GetSensitivityLabel() and provides mip::ExecutionState. This event is generated only once per handler.
Review the mip::ExecutionState concepts documentation for more details on execution state.
// Create PolicyHandler, passing in true for isAuditDiscoveryEnabled
auto handler = mEngine->CreatePolicyHandler(true);
// Returns vector of mip::Action and generates discovery event.
auto actions = handler->ComputeActions(*state);
//Or, get the label for a given state
auto label = handler->GetSensitivityLabel(*state);
In practice, isAuditDiscoveryEnabled should be true during mip::PolicyHandler construction, to allow file access information to flow to activity explorer.
Change Event
Change events provide information about the file, the label that was applied or changed, and any justifications provided by the user. Change events are generated by calling NotifyCommittedActions() on the mip::PolicyHandler. The call is made after a change has been successfully committed to a file, passing in the mip::ExecutionState that was used to compute the actions.
If the application fails to call this function, no audit events are sent.
handler->NotifyCommittedActions(*state);
Audit Dashboard
Audit events sent by the SDK will be available in Purview activity explorer.
Next Steps
- For details on the Microsoft Purview activity explorer, see Get started with activity explorer.
- Download the Policy SDK Samples from GitHub and try out the Policy SDK