We help IT Professionals succeed at work.

security roles office365

pma111
pma111 asked
on
is there a specific security role in office365 which would allow our risk team to run message trace requests and also have complete unrestricted to the various audit logs, such as the unified audit log. e.g. that mentioned in here:

https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance

it would be also useful to identify the current auditing settings, e.g. what is and what is not being captured, so identifying
Comment
Watch Question

Most Valuable Expert 2015
Distinguished Expert 2019
Commented:
Well the unified audit log is considered a sensitive asset, so by default very few roles get access to it. If you want to use a pre-built role, the Global reader is the closest you can get, but that role is still restricted in some aspects and cannot for example run message traces. So you're better off creating a custom role within the SCC and granting just the permissions you want.

Author

Commented:
Ok thanks. Is there a lower privelege role that can run message traces so we could combine the two?

Author

Commented:
which specific systems is the unified audit log  querying ?
Most Valuable Expert 2015
Distinguished Expert 2019

Commented:
The unified audit log is querying data across all O365 workloads, thus the name. As for message trace, you could do with the Exchange-specific View-Only Recipients role.