Microsoft 365 Admin Center: Admin Audit logs in Purview
Services
Affected Platforms
Summary
Microsoft 365 now logs admin activities related to Copilot agent management in Microsoft Purview Unified Audit Logs, enhancing security visibility. This feature, enabled by default from late October to mid-November 2025, captures actions like deploy, update, and setting changes, accessible via the Purview Portal without extra configuration.
Details
Updated October 28, 2025: We have updated the content. Thank you for your patience.
Introduction
Admin activity related to agent management will now be logged in Microsoft Purview Unified Audit Logs. This enhancement improves visibility and traceability for security teams managing Copilot agents across Microsoft 365 services.
This message is associated with Microsoft 365 Roadmap ID 498227.
When this will happen:
General Availability (Worldwide): Rollout will begin in late October 2025 and is expected to complete by mid-November 2025.
| Category | Actions | Record Types | Release Timeline |
| Agent Management | Block, Unblock, Deploy, Update, Remove |
| October |
| Category | Actions | Record Types | Release Timeline |
| Agent Management | Publish, Reject, Delete |
| November |
| Agent Tenant Settings | Tenant agent setting, 1P, 3P and LOB Toggle |
| November |
How this affects your organization:
Who is affected:Admins managing Microsoft Copilot agents in Microsoft 365 environments.
What will happen:
- Admin actions such as publishing, deploying, removing, and updating agents will be logged.
- Changes to agent settings at both tenant and agent levels will be captured.
- Audit schema includes key data points such as agent name, agent type, and admin ID.
- Logs will be accessible via the Purview Portal.
- Feature is enabled by default; no configuration required.
Screenshot 1 - Search view in the new Microsoft Purview Unified Audit Log:
Screenshot 2 - Details view in the new Microsoft Purview Unified Audit Log:
What you can do to prepare:
- Security teams can begin searching and reviewing agent-related admin actions in the Purview Portal.
- Familiarize yourself with audit log search capabilities in Purview.
- No additional configuration is required to enable logging.
Compliance considerations:
| Question | Answer |
|---|---|
| Does the change alter how existing customer data is processed, stored, or accessed (e.g. documents, emails, chats, etc.), if so how and to what extent? | Yes – Admin actions related to agent management are now logged, increasing visibility into operational activities. |
| Does the change modify, interrupt, or disable any of the following capabilities (Purview): Audit logging capabilities? | Yes – Adds new audit events specific to agent management in Purview Unified Audit Logs. |
| Does the change alter how admins can monitor, report on, or demonstrate compliance activities e.g. Purview or admin reporting, if so summarize the changes? | Yes – Admins gain new visibility into agent-related actions, improving compliance reporting and audit traceability. |
| Does the change include an admin control and, can it be controlled through Entra ID group membership? | Yes – Logging is automatic, but access to audit data is controlled via Purview permissions, which can be scoped using Entra ID groups. |