Glossary
This page provides a comprehensive list of activities, grouped by categories, with detailed descriptions and examples for each. You can search for specific activities, explore them by group, and view practical examples to better understand their purpose and usage. Whether you are managing compliance, monitoring processes, or analyzing data, this glossary will help you quickly find the information you need.
| Group | Title | Definition | Examples |
|---|---|---|---|
| File and page activities | Access file | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| File and page activities | Changed retention label for a file | The activity is recorded when the retention label of a file is updated to change its retention period or classification. | Changing the retention label from 'General' to 'Confidential'; Applying a retention policy to a file |
| File and page activities | Deleted file marked as a record | The activity is recorded when a file marked as a record is deleted, indicating it was part of a compliance process. | Deleting a document that is marked as a record for compliance; Attempting to delete a record-protected file |
| File and page activities | Checked in file | The activity is recorded when a user checks in a file after making changes or edits. | Checking in a document after edits in SharePoint; Saving changes to a file and completing the check-in process |
| File and page activities | Changed record status to locked | The activity is recorded when the record status of a file is updated to locked, preventing further changes. | Locking a document to prevent editing; Updating record status for compliance |
| File and page activities | Changed record status to unlocked | The activity is recorded when the record status of a file is updated to unlocked, allowing modifications. | Unlocking a document to allow editing; Changing record status to enable updates |
| File and page activities | Checked out file | The activity is recorded when a user checks out a file to make changes exclusively. | Checking out a document in SharePoint to edit; Locking a file for exclusive edits |
| File and page activities | Copied file | The activity is recorded when a user or system makes a copy of a file. | Copying a document to a different folder; Duplicating a file for review purposes |
| File and page activities | Discarded file checkout | The activity is recorded when a user discards the check-out status of a file, reverting it to its previous state. | Discarding changes made during a checkout; Canceling the check-out status of a file |
| File and page activities | Deleted file | The activity is recorded when a file is deleted from its current location. | Deleting a file in SharePoint or OneDrive; Removing a document from a shared folder |
| File and page activities | Deleted file from recycle bin | The activity is recorded when a file is deleted from the first-stage recycle bin. | Permanently deleting a file from the recycle bin; Clearing the recycle bin manually |
| File and page activities | Deleted file from second-stage recycle bin | The activity is recorded when a file is permanently deleted from the second-stage recycle bin. | Deleting a file from second-stage recovery; Permanently removing a document |
| File and page activities | Detected document sensitivity mismatch | The activity is recorded when a file's sensitivity label is inconsistent with its content or policy. | Detecting confidential content in an unlabeled file; Mismatch in sensitivity classification |
| File and page activities | Detected malware in file | The activity is recorded when malware is detected in a file. | Scanning a file and detecting malware; Flagging a file as containing malicious content |
| File and page activities | Downloaded file | The activity is recorded when a user downloads a file from a supported location. | Downloading a document from SharePoint; Exporting a file for offline use |
| File and page activities | Modified file | The activity is recorded when a user or system makes changes to a file. | Editing a document in Word Online; Saving changes to a file |
| File and page activities | Moved file | The activity is recorded when a file is moved from one location to another. | Moving a file to a new folder; Relocating a document to another library |
| File and page activities | Uploaded file | The activity is recorded when a file is uploaded to a supported location. | Uploading a file to SharePoint; Adding a document to a shared folder |
| File and page activities | Viewed page | The activity is recorded when a user views a page. | Viewing a SharePoint page; Accessing a site homepage |
| File and page activities | Performed search query | The activity is recorded when a user performs a search query within a platform. | Searching for a file using keywords; Running a query in a SharePoint site |
| Information protection and DLP activities | Matched DLP rule | The activity is recorded when a file, email, or data matches a configured Data Loss Prevention (DLP) rule. | A document containing sensitive information like credit card numbers triggered a DLP rule; An email attachment matched a configured DLP rule |
| Information protection and DLP activities | Removed DLP rule from document | The activity is recorded when a DLP rule is manually or programmatically removed from a document. | Removing a DLP rule tag from a file; Clearing DLP classification for a document |
| Information protection and DLP activities | Applied sensitivity label to an email | The activity is recorded when a sensitivity label is applied to an email for classification or protection. | Applying a 'Confidential' sensitivity label to an email; Tagging an email with an encryption-based sensitivity label |
| Information protection and DLP activities | Matched auto-labeling policy rule | The activity is recorded when an auto-labeling policy rule matches content and applies labels automatically. | An auto-labeling policy flagged a document for containing sensitive keywords; Automatically applying a sensitivity label to a file |
| Information protection and DLP activities | Generated auto-labeling simulation feedback | The activity is recorded when feedback is generated as part of running an auto-labeling simulation. | Simulating auto-labeling for documents; Feedback identifies areas where labels would apply |
| Information protection and DLP activities | Generated auto-labeling simulation statistics | The activity is recorded when statistical data is generated during an auto-labeling simulation. | Generating statistics for auto-labeling simulation; Quantifying the number of files affected by labeling rules |
| Information protection and DLP activities | Completed auto-labeling policy simulation | The activity is recorded when an auto-labeling policy simulation has successfully completed. | Completing the simulation of auto-labeling policies; Assessing the impact of labeling rules before implementation |
| Information protection and DLP activities | Created DLP rule | The activity is recorded when a new Data Loss Prevention (DLP) rule is created in the system. | Creating a rule to detect and block sharing of credit card data; Defining a DLP rule for sensitive information protection |
| Information protection and DLP activities | Updated DLP rule | The activity is recorded when an existing DLP rule is modified or updated. | Updating conditions for a DLP rule; Changing the action taken when a rule is triggered |
| Information protection and DLP activities | Deleted DLP rule | The activity is recorded when a DLP rule is deleted from the system. | Removing an obsolete DLP rule; Deleting a rule that no longer applies |
| Information protection and DLP activities | Created DLP policy | The activity is recorded when a new DLP policy is created to govern data protection. | Creating a DLP policy to restrict sharing of personal data; Setting up a new policy for content classification |
| Information protection and DLP activities | Updated DLP policy | The activity is recorded when an existing DLP policy is modified or updated. | Updating DLP policy rules to include new sensitive content types; Modifying actions to alert administrators for policy breaches |
| Information protection and DLP activities | Deleted DLP policy | The activity is recorded when a DLP policy is removed from the system. | Deleting an outdated DLP policy; Removing policies that no longer align with business requirements |
| Folder activities | Copied folder | The activity is recorded when a user or system copies a folder from one location to another within supported platforms (e.g., SharePoint Online, OneDrive for Business, Teams). | Copying a folder to a different document library; Duplicating a folder for backup; Copying a shared folder to a user's personal directory |
| Folder activities | Created folder | The activity is recorded when a user or system creates a new folder in supported platforms. | Creating a new folder in a SharePoint library; Adding a folder in OneDrive; Programmatically creating folders via API |
| Folder activities | Deleted folder | The activity is recorded when a user or system deletes a folder, moving it to the recycle bin. | Deleting an unused project folder; Removing a folder from a shared document library; Deleting a folder through an automated cleanup process |
| Folder activities | Deleted folder from recycle bin | The activity is recorded when a user or system permanently deletes a folder from the recycle bin. | Permanently removing a folder from the first-stage recycle bin; Deleting a folder to free up space; Clearing folders from the recycle bin manually |
| Folder activities | Deleted folder from second-stage recycle bin | The activity is recorded when a user or administrator permanently deletes a folder from the second-stage recycle bin. | Permanently deleting a folder in the second-stage recycle bin after retention period; Admin removing folders during a cleanup; Automated process clearing folders from the second-stage recycle bin |
| Folder activities | Modified folder | The activity is recorded when a user or system modifies a folder's properties, such as metadata or permissions. | Changing folder metadata (e.g., name, description); Updating folder permissions; Tagging a folder with additional properties |
| Folder activities | Moved folder | The activity is recorded when a user or system moves a folder from one location to another within supported platforms. | Moving a folder to a new document library; Reorganizing folder structure; Moving a folder programmatically |
| Folder activities | Recycled folder | The activity is recorded when a user or system moves a folder to the recycle bin. | Sending a folder to the recycle bin after deletion; Recycling a folder to clean up the library; Automated processes recycling old folders |
| Folder activities | Renamed folder | The activity is recorded when a user or system renames a folder. | Renaming a folder for better clarity; Correcting a typo in a folder name; Programmatically renaming folders |
| Folder activities | Restored folder | The activity is recorded when a user or system restores a folder from the recycle bin to its original or a different location. | Restoring a folder accidentally deleted; Bringing back a folder from the recycle bin to the original document library; Restoring folders using an automated script |
| SharePoint list activities | Created list | The activity is recorded when a user or system creates a new list in a SharePoint site or similar platform. | Creating a new task list for project management; Setting up a custom list for tracking inventory; Generating a list using an automated process or script |
| SharePoint list activities | Created list column | The activity is recorded when a user or system adds a new column to a list to store additional data or customize the list structure. | Adding a 'Due Date' column to a task list; Creating a 'Priority' column for tracking issues; Adding columns using an automated process or script |
| SharePoint list activities | Created list content type | The activity is recorded when a user or system creates a new content type for a list to define custom metadata, templates, or workflows. | Creating a 'Project Document' content type with predefined columns; Setting up a 'Meeting Notes' content type for a specific list; Defining a custom content type using an automated script |
| SharePoint list activities | Created list item | The activity is recorded when a user or system adds a new item to a list in a SharePoint site or similar platform. | Adding a new task to a project task list; Submitting an entry in a custom form connected to a SharePoint list; Automatically generating a list item using a workflow or script |
| SharePoint list activities | Created site column | The activity is recorded when a user or system creates a new site column to standardize metadata across lists and libraries in a SharePoint site. | Creating a 'Department' column for consistent metadata usage; Adding a 'Review Status' column to be used across multiple lists and libraries; Defining a site column using an automated script for site-wide deployment |
| Content type activities | SharePoint list activities | The activity is recorded when a user or system creates a new site content type to define reusable metadata, templates, and workflows across lists and libraries in a SharePoint site. | Creating a 'Policy Document' content type for consistent metadata across libraries; Defining a 'Contract' content type with specific templates and workflows; Setting up a site content type using an automated script for broader use |
| List activities | SharePoint list activities | The activity is recorded when a user or system deletes a list from a SharePoint site or similar platform, either intentionally or as part of a cleanup process. | Removing an outdated task list from a project site; Deleting a custom list no longer in use; Automatically deleting lists as part of a script or workflow |
| SharePoint list activities | Deleted list column | The activity is recorded when a user or system removes a column from a list to streamline data or eliminate unused fields. | Deleting an obsolete 'Priority' column from a task list; Removing a 'Notes' column that is no longer needed; Automatically deleting columns as part of a script or workflow |
| SharePoint list activities | Deleted list content type | The activity is recorded when a user or system deletes a content type from a list to simplify its structure or remove unused configurations. | Deleting a 'Meeting Notes' content type from a specific list; Removing an unused 'Invoice' content type to streamline metadata; Automatically deleting content types using a script or workflow |
| SharePoint list activities | Deleted list item | The activity is recorded when a user or system deletes an item from a list to remove outdated, incorrect, or unnecessary data. | Deleting a completed task from a project task list; Removing an outdated entry from a custom list; Automatically deleting list items as part of a cleanup workflow or script |
| SharePoint list activities | Deleted site column | The activity is recorded when a user or system deletes a site column to remove unused or outdated metadata fields across a SharePoint site. | Deleting an unused 'Department' column from the site column gallery; Removing a 'Review Status' column no longer required across lists and libraries; Automatically deleting site columns using a script for site cleanup |
| SharePoint list activities | Deleted site content type | The activity is recorded when a user or system deletes a site content type to remove unused or outdated configurations from a SharePoint site. | Deleting an obsolete 'Policy Document' content type from the site; Removing a 'Contract' content type no longer in use across libraries; Automatically deleting site content types using a script or workflow |
| SharePoint list activities | Recycled list item | The activity is recorded when a user or system moves a list item to the recycle bin to temporarily remove it from view before permanent deletion. | Moving a task to the recycle bin after it is marked as completed; Recycling a list entry that is mistakenly added or outdated; Automatically recycling list items as part of a cleanup process or workflow |
| SharePoint list activities | Restored list | The activity is recorded when a user or system restores a deleted list from the recycle bin back to its original or a different location in a SharePoint site. | Restoring a task list that was accidentally deleted; Bringing back a custom list from the recycle bin to its original document library; Restoring a list using an automated script or workflow |
| SharePoint list activities | Restored list item | The activity is recorded when a user or system restores a deleted list item from the recycle bin back to its original or a different list location. | Restoring a task that was accidentally deleted from a project task list; Bringing back a list item from the recycle bin to the custom list; Restoring a list item using an automated process or script |
| SharePoint list activities | Updated list | The activity is recorded when a user or system makes changes to an existing list, such as modifying its structure or settings. | Updating the metadata or settings of a task list; Changing the name or description of a custom list; Modifying list settings or permissions using an automated script |
| SharePoint list activities | Updated list column | The activity is recorded when a user or system makes changes to an existing list column, such as modifying its name, type, or settings. | Changing the name or type of a 'Priority' column in a task list; Modifying the validation settings of a 'Due Date' column; Updating a list column using an automated process or script |
| SharePoint list activities | Updated list content type | The activity is recorded when a user or system makes changes to an existing content type in a list, such as modifying its metadata, templates, or associated workflows. | Updating the metadata fields of a 'Contract' content type used in a document library; Changing the default document template associated with a content type; Modifying a list content type using an automated process or script |
| SharePoint list activities | Updated list item | The activity is recorded when a user or system makes changes to an existing list item, such as updating its data or status. | Updating the status of a task in a project task list; Modifying the content of an existing entry in a custom list; Changing a list item's details through an automated process or script |
| SharePoint list activities | Updated site column | The activity is recorded when a user or system makes changes to an existing site column, such as modifying its properties, validation settings, or type. | Updating the data type of a 'Department' site column from text to choice; Modifying the default value or validation settings of a site column; Changing a site column's settings using an automated process or script |
| SharePoint list activities | Updated site content type | The activity is recorded when a user or system makes changes to an existing site content type, such as modifying its metadata, templates, or associated workflows. | Updating the metadata fields of a 'Document' site content type; Changing the template associated with a content type for site-wide use; Modifying a site content type using an automated process or script |
| Sharing and access request activities | Added permission level to site collection | The activity is recorded when a user or system adds a new permission level to a site collection to control access and security settings for users or groups. | Adding a 'Contributor' permission level to a site collection for specific users; Creating a custom permission level for site collection access; Adding permission levels using an automated script for site security management |
| Sharing and access request activities | Accepted access request | The activity is recorded when a user or administrator accepts an access request, granting a user or group permission to access a specific site, list, or document. | Accepting an access request for a document library to grant a user permission; Granting site access after reviewing an access request; Automatically accepting access requests via a script or workflow |
| Sharing and access request activities | Accepted sharing invitation | The activity is recorded when a user accepts a sharing invitation, granting them access to a shared document, folder, or site in SharePoint or OneDrive. | Accepting an invitation to view or edit a shared document; Granting a user access to a shared folder after they accept the invitation; Automatically accepting sharing invitations as part of an access management process |
| Sharing and access request activities | Blocked sharing invitation | The activity is recorded when a user or administrator blocks a sharing invitation, preventing a user from gaining access to a shared document, folder, or site in SharePoint or OneDrive. | Blocking a sharing invitation to restrict access to a confidential document; Preventing a user from accessing a shared folder by blocking the invitation; Automatically blocking sharing invitations through a security policy or script |
| Sharing and access request activities | Created access request | The activity is recorded when a user creates an access request to gain permission to a specific site, list, or document in SharePoint or OneDrive. | Submitting an access request to gain access to a restricted document library; Requesting permission to view a private folder or site; Automatically generating access requests through a workflow or script |
| Sharing and access request activities | Created a company shareable link | The activity is recorded when a user creates a shareable link to a document, folder, or site within the company, allowing others within the organization to access the content. | Creating a link to share a document with internal users only; Generating a company-wide shareable link to a team folder; Automatically creating shareable links as part of a document management process |
| Sharing and access request activities | Created an anonymous link | The activity is recorded when a user creates a shareable link that allows access to a document, folder, or site without requiring authentication, making it accessible to anyone with the link. | Creating an anonymous link to share a document publicly; Generating an anonymous link to distribute a report to external partners; Automatically generating anonymous links for marketing materials or public content |
| Sharing and access request activities | Created secure link | The activity is recorded when a user creates a secure shareable link, allowing access to a document, folder, or site with restricted permissions, ensuring that only authorized users can access the content. | Creating a secure link with password protection for a sensitive document; Generating a secure link with an expiration date for a private folder; Automatically creating secure links for confidential files within the organization |
| Sharing and access request activities | Deleted secure link | The activity is recorded when a user deletes a previously created secure link, revoking access to a document, folder, or site with restricted permissions. | Deleting a secure link to a confidential document after it is no longer needed; Removing a secure link with an expiration date to prevent further access; Automatically deleting secure links as part of a document cleanup process |
| Sharing and access request activities | Created sharing invitation | The activity is recorded when a user creates a sharing invitation to grant access to a document, folder, or site, allowing others to collaborate or view the content. | Creating a sharing invitation to invite a user to collaborate on a document; Sending a sharing invitation to grant access to a folder; Automatically generating sharing invitations as part of a team collaboration process |
| Sharing and access request activities | Denied access request | The activity is recorded when a user or administrator denies an access request, preventing a user or group from gaining permission to access a specific site, list, or document. | Denying an access request for a restricted document library; Refusing access to a site after reviewing an access request; Automatically denying access requests based on security policies |
| Sharing and access request activities | Removed a company shareable link | The activity is recorded when a user removes a company shareable link, revoking access to a document, folder, or site shared within the organization. | Removing a company shareable link to restrict access to an internal document; Revoking a shared folder link to prevent further distribution within the organization; Automatically removing company shareable links as part of a content cleanup process |
| Sharing and access request activities | Removed an anonymous link | The activity is recorded when a user removes an anonymous link, revoking public access to a document, folder, or site that was previously shared without authentication. | Removing an anonymous link to prevent public access to a document; Revoking an anonymous link to ensure that a folder is no longer accessible by anyone with the link; Automatically deleting an anonymous link after a content review or policy change |
| Sharing and access request activities | Shared file, folder, or site | The activity is recorded when a user shares a file, folder, or site with another user or group, granting them access to view, edit, or collaborate on the content. | Sharing a document with a colleague for collaboration; Granting access to a folder for a specific team; Sharing a site with external partners to provide them with restricted access |
| Sharing and access request activities | Unshared file, folder, or site | The activity is recorded when a user removes the sharing permissions from a file, folder, or site, revoking access for the users or groups who were previously granted permission. | Unsharing a document to prevent further collaboration with a specific user; Revoking access to a folder for a team that no longer needs access; Removing sharing permissions from a site to restrict access to external users |
| Sharing and access request activities | Updated access request | The activity is recorded when a user or administrator updates an existing access request, modifying the requested permissions or the users/groups seeking access to a site, list, or document. | Updating an access request to change the permissions for a requested user; Modifying an access request to include additional users or resources; Automatically updating access requests based on workflow or security rules |
| Sharing and access request activities | Updated an anonymous link | The activity is recorded when a user updates an existing anonymous link, modifying its settings such as expiration date, permissions, or access restrictions for a document, folder, or site shared publicly. | Updating an anonymous link to extend the expiration date for continued public access; Modifying an anonymous link to restrict viewing permissions for a document; Changing the access settings of an anonymous link to allow or prevent editing |
| Sharing and access request activities | Updated sharing invitation | The activity is recorded when a user updates an existing sharing invitation, modifying the recipient's permissions or the access settings for a document, folder, or site being shared. | Updating a sharing invitation to change the permissions from view-only to edit; Modifying a sharing invitation to add additional recipients for a document; Changing the expiration or access settings of a previously sent sharing invitation |
| Sharing and access request activities | Used a company shareable link | The activity is recorded when a user accesses a document, folder, or site using a company shareable link, which grants access to content within the organization. | Accessing a document through a company shareable link for internal collaboration; Using a company shareable link to view a shared folder within the organization; Opening a site from a company shareable link provided by a colleague |
| Sharing and access request activities | Used an anonymous link | The activity is recorded when a user accesses a document, folder, or site using an anonymous link, which grants public access to the content without requiring authentication. | Accessing a document shared publicly via an anonymous link; Opening a folder through an anonymous link distributed externally; Viewing a site or report via an anonymous link shared on a public platform |
| Sharing and access request activities | Used secure link | The activity is recorded when a user accesses a document, folder, or site using a secure link, which provides access with restricted permissions, such as password protection or limited access duration. | Accessing a document using a secure link with a password; Opening a folder shared via a secure link with an expiration date; Using a secure link to view a confidential file with limited permissions |
| Sharing and access request activities | User added to secure link | The activity is recorded when a user is granted access to a document, folder, or site via a secure link, allowing them to view or edit the content based on specified permissions. | Adding a user to a secure link for accessing a document with restricted permissions; Granting access to a folder via a secure link with limited viewing or editing rights; Including a new user in the list of authorized individuals for a secure link |
| Sharing and access request activities | User removed from secure link | The activity is recorded when a user is removed from a secure link, revoking their access to a document, folder, or site that was previously shared with restricted permissions. | Removing a user from a secure link to prevent further access to a document; Revoking a user's access to a folder shared via a secure link with restricted permissions; Automatically removing a user from the authorized list for a secure link after they no longer need access |
| Sharing and access request activities | Withdrew sharing invitation | The activity is recorded when a user cancels or withdraws a sharing invitation, preventing the recipient from gaining access to a document, folder, or site. | Withdrawing a sharing invitation before the recipient accepts the access request; Cancelling a sharing invitation for a document that is no longer needed to be shared; Revoking a sharing invitation to restrict access to a folder before it is accessed |
| Site permissions activities | Added site collection admin | This activity logs when a new user is granted site collection administrator privileges, which gives full control over all content and settings within the site collection. | Granting admin rights to a new project lead; Adding a compliance officer as a site collection admin; Restoring admin access for a previous site owner |
| Site permissions activities | Added user or group to SharePoint group | This activity is logged when a user or security group is added to a SharePoint group, granting them permissions defined by that group within a site collection. | Adding a user to the 'Members' group of a team site; Assigning a security group to the 'Visitors' group; Using PowerShell to add a user to a SharePoint group |
| Site permissions activities | Broke permission level inheritance | This activity is recorded when unique permissions are set for a file, folder, or site by breaking its inheritance from the parent object. This allows for custom permissions on the item. | Breaking inheritance on a document library to assign specific user access; Setting unique permissions on a single file within a shared folder; Using SharePoint interface to stop inheriting permissions from a parent site |
| Site permissions activities | Broke sharing inheritance | This activity is logged when an item (such as a file or folder) stops inheriting its sharing settings from its parent, allowing customized sharing permissions for that specific item. | Breaking sharing inheritance on a folder to share it with external users; Removing inherited sharing settings to restrict access to a file; Using advanced sharing settings to set unique permissions |
| Site permissions activities | Created group | This activity is logged when a new SharePoint group is created. SharePoint groups are used to manage user permissions collectively within a site collection. | Creating a new 'Project Editors' group for a site; Setting up a custom group to manage contributors; Using PowerShell or the SharePoint UI to add a new group |
| Site permissions activities | Deleted group | This activity is recorded when a SharePoint group is removed from a site collection. Deleting a group removes its associated permissions and membership assignments. | Removing an obsolete 'Project Reviewers' group; Deleting a group no longer needed for access control; Using site settings or PowerShell to delete a group |
| Site permissions activities | Modified access request setting | This activity is logged when the settings for access requests are changed on a SharePoint site or resource. This includes enabling or disabling access requests or changing the email address where requests are sent. | Enabling access request emails for a site; Changing the recipient of access requests to a distribution list; Disabling access requests for a document library |
| Site permissions activities | Modified 'Members Can Share' setting | This activity is recorded when the setting that controls whether site members can share content with others is changed. This affects how users with edit permissions can invite others to view or edit items. | Disabling sharing capabilities for members to restrict external access; Allowing members to share files with guests; Updating the sharing policy to comply with organizational rules |
| Site permissions activities | Modified site permissions | This activity is logged when permissions are changed on a SharePoint site. It includes adding or removing users or groups, or changing permission levels for existing users or groups. | Granting 'Edit' access to a new team member; Changing a group's permission level from 'Contribute' to 'Read'; Removing a user's access from the site |
| Site permissions activities | Removed site collection admin | This activity is recorded when a user is removed from the list of site collection administrators, thereby revoking their full control permissions across the entire site collection. | Revoking admin rights from a former project owner; Cleaning up permissions by removing unused admin accounts; Using PowerShell to remove a site collection administrator |
| Site permissions activities | Removed permission level from site collection | This activity is logged when a custom or default permission level is deleted from a SharePoint site collection, potentially affecting users or groups relying on that level for access. | Deleting a custom 'Reviewer' permission level no longer in use; Removing an unused legacy permission level for cleanup; Deleting a permission level to enforce a new access policy |
| Site permissions activities | Removed user or group from SharePoint group | This activity is logged when a user or security group is removed from a SharePoint group, which may revoke their access or change their permissions depending on group configuration. | Removing a contractor from the 'Site Members' group after project completion; Revoking group membership due to access review; Using PowerShell to remove a user from a SharePoint group |
| Site permissions activities | Requested site admin permissions | This activity is recorded when a user submits a request to become a site collection administrator or to be granted admin-level permissions on a SharePoint site. | Requesting site admin rights through the access request page; Submitting a justification for elevated access; Triggering a workflow for site owner approval to become an admin |
| Site permissions activities | Restored sharing inheritance | This activity is logged when an item (such as a file, folder, or site) is reconfigured to inherit its sharing permissions from its parent object, removing any unique sharing settings. | Reverting a file to inherit folder-level sharing settings; Removing custom sharing permissions and applying default parent rules; Using the SharePoint UI to restore sharing inheritance for a library |
| Site permissions activities | Updated group | This activity is logged when changes are made to an existing SharePoint group. This can include renaming the group, updating its description, or changing its settings such as who can view or edit group membership. | Renaming a group from 'Project Team A' to 'Project Alpha Team'; Changing group settings to restrict who can edit membership; Updating the group description to reflect new responsibilities |
| Site administration activities | Changed retention label for a file | This activity is logged when a user or automated process changes the retention label applied to a file. Retention labels determine how long content is preserved and what actions are allowed. | Changing a file's label from 'General' to 'Confidential'; Applying a new retention policy due to updated compliance rules; Updating a retention label via Microsoft Purview or PowerShell |
| Site administration activities | Added exempt user agent | This activity is logged when a user agent string is added to the list of exemptions in conditional access or policy enforcement. Exempt user agents are typically system processes or applications that need to bypass certain restrictions for compatibility or operational reasons. | Adding a legacy application’s user agent to bypass policy enforcement; Allowing specific scanning tools to access files without restrictions; Configuring exemptions to avoid conditional access blocks for trusted tools |
| Site administration activities | Added geo location admin | This activity is logged when a user is granted administrative permissions for a specific geo location within a multi-geo environment in SharePoint or OneDrive. Geo location admins manage data residency and compliance settings for their assigned region. | Assigning a new admin to manage the European data location; Delegating geo admin rights to a regional compliance officer; Granting admin permissions to oversee content in a new geo location |
| Site administration activities | Allowed user to create groups | This activity is recorded when a user is granted the ability to create Microsoft 365 groups, which can be used across services like SharePoint, Teams, and Outlook. Granting this permission allows the user to initiate new collaboration spaces. | Enabling group creation for a department head to manage team spaces; Updating group creation policies via Azure AD; Allowing a user to bypass the default restriction on group creation |
| Site administration activities | Cancelled site geo move | This activity is logged when a previously initiated move of a SharePoint site to a different geo location is cancelled. Geo moves are part of multi-geo configurations that allow data residency management across regions. | Cancelling a scheduled move of a site from the US to the EU region; Reversing a geo move due to compliance or business reasons; Using the admin center or PowerShell to stop a site relocation |
| Site administration activities | Changed a sharing policy | This activity is recorded when an admin modifies the sharing policy for a SharePoint or OneDrive environment. Sharing policies govern how content can be shared internally or externally, and what restrictions apply. | Changing external sharing from 'Anyone' to 'Only existing guests'; Restricting file sharing to domain-specific users; Modifying link expiration settings in the sharing policy |
| Site administration activities | Changed device access policy | This activity is logged when an admin updates the policy that governs how devices can access SharePoint or OneDrive content. Device access policies help enforce security requirements such as requiring managed devices or blocking access from non-compliant endpoints. | Requiring devices to be Intune-compliant to access SharePoint; Blocking access from unmanaged mobile devices; Updating conditional access rules tied to device trust |
| Site administration activities | Changed notification preference | This activity is recorded when a user or administrator modifies notification settings related to SharePoint or OneDrive activities. These preferences determine what alerts or emails are sent for events like sharing, access, or policy changes. | Turning off email notifications for file sharing; Enabling notifications for site activity alerts; Changing the frequency of admin digest emails |
| Site administration activities | Changed exempt user agents | This activity is logged when the list of exempt user agent strings is modified. Exempt user agents are typically system tools, legacy apps, or trusted services that are allowed to bypass certain conditional access or policy restrictions. | Removing a legacy app's user agent from the exemption list; Updating the exemption list to include a trusted scanning tool; Modifying policy exemptions for automated processes |
| Site administration activities | Changed network access policy | This activity is recorded when an administrator updates the network access policy settings for SharePoint or OneDrive. These policies define the trusted IP ranges and network boundaries from which users can access organizational content. | Adding a new trusted IP range to the policy; Restricting access to SharePoint from corporate network only; Modifying conditional access rules related to network locations |
| Site administration activities | Completed site geo move | This activity is logged when the move of a SharePoint site to a different geo location within a multi-geo environment is successfully completed. Geo moves support data residency requirements by relocating site data to the specified regional data center. | Successfully moving a site from the US to the EU geo location; Completing a relocation initiated for compliance purposes; Finishing a geo move as requested by a regional admin |
| Site administration activities | Created Sent To connection | This activity is recorded when a new 'Send To' connection is created in SharePoint. A Sent To connection defines a destination for content submission, often used with the Content Organizer or Records Center for routing documents. | Creating a new Send To connection for archiving records; Configuring a connection to route documents to a Records Center; Setting up a content organizer rule that uses a Sent To connection |
| Site administration activities | Created site collection | This activity is logged when a new site collection is created in SharePoint. Site collections are top-level containers for sites, permissions, features, and content within a SharePoint environment. | Creating a communication site for a company-wide announcement portal; Provisioning a team site collection for a department; Setting up a site collection for compliance and records management |
| Site administration activities | Deleted orphaned hub site | This activity is recorded when an orphaned hub site—one that is no longer associated with any site collections or has been improperly detached—is removed from the SharePoint environment. This helps maintain a clean and organized hub structure. | Deleting a hub site that was left after associated sites were unlinked; Removing a hub site that was unintentionally created or abandoned; Cleaning up unused hub sites during governance audits |
| Site administration activities | Deleted Sent To connection | This activity is recorded when an existing 'Send To' connection is removed from SharePoint. Sent To connections are used for routing documents, typically to a Records Center or other repository, and deleting them can affect document management workflows. | Removing a deprecated Send To connection that pointed to an old Records Center; Deleting a routing rule no longer in use; Cleaning up unused Send To destinations as part of governance |
| Site administration activities | Deleted site | This activity is logged when a SharePoint site is permanently removed from the environment. Deleting a site typically involves removing all content, permissions, and configurations associated with that site. | Deleting a project site after completion; Removing a test or staging site no longer in use; Cleaning up unused or orphaned team sites |
| Site administration activities | Enabled document preview | This activity is logged when the setting to allow document previews is enabled in SharePoint or OneDrive. Document previews provide users with the ability to view file contents directly in the browser without downloading the file. | Enabling document preview for Office files in a document library; Turning on preview for PDFs in OneDrive; Configuring site settings to allow inline document viewing |
| Site administration activities | Enabled legacy workflow | This activity is recorded when legacy workflow functionality (such as SharePoint 2010 or 2013 workflows) is enabled on a SharePoint site. These workflows are used for automating business processes, but may be phased out in favor of Power Automate. | Enabling SharePoint 2010 workflows on a new site; Activating legacy workflow features for document approval processes; Allowing the use of pre-existing workflows after site migration |
| Site administration activities | Enabled Office on Demand | This activity is logged when Office on Demand is enabled in the SharePoint or Office 365 environment. Office on Demand allows users to stream and use Office applications on a temporary basis without needing to install them permanently on the device. | Allowing users to use Word on Demand from a SharePoint document library; Enabling Office on Demand for accessing Office apps on unmanaged devices; Turning on Office on Demand for remote or mobile workers |
| Site administration activities | Enabled result source for People Searches | This activity is recorded when a result source specifically configured for People Searches is enabled in SharePoint. Result sources allow admins to scope and refine search results, helping users find relevant people within the organization. | Activating a custom result source to prioritize user profiles in search results; Enabling a directory-based result source for better People search relevance; Configuring result sources to return specific attributes like department or title |
| Site administration activities | Enabled RSS feeds | This activity is logged when RSS feeds are enabled for a SharePoint list, library, or site. RSS feeds allow users to subscribe to updates and receive notifications when items are added or changed. | Turning on RSS feeds for a document library; Allowing users to subscribe to announcements via RSS; Enabling RSS feeds on a SharePoint blog to distribute new posts |
| Site administration activities | Failed site swap | This activity is logged when an attempt to swap a SharePoint site with another site (typically replacing a root site or redirecting traffic) fails. Site swaps are used to promote a communication site to the root or replace an existing site with another. | Attempting to swap a new communication site with the existing root site, but encountering an error; Site swap failing due to insufficient permissions or site locks; A failed automated site swap initiated through PowerShell or admin center |
| Site administration activities | Joined site to hub site | This activity is recorded when a SharePoint site is associated with a hub site. Joining a hub site allows the associated site to inherit branding, navigation, and search capabilities defined by the hub. | Associating a team site with the Marketing hub site; Joining a new communication site to an existing department hub; Configuring site association via the SharePoint admin center or PowerShell |
| Site administration activities | Registered hub site | This activity is logged when a SharePoint site is registered as a hub site. Hub sites are used to organize related sites into a shared experience for search, navigation, branding, and policy enforcement. | Registering the HR portal as a hub site; Promoting a communication site to a hub for departmental use; Using PowerShell to register a hub site for regional offices |
| Site administration activities | Removed allowed data location | This activity is recorded when an administrator removes a previously configured allowed data location. These locations define where organizational data is permitted to reside, often used for compliance with data residency requirements. | Removing Europe as an allowed data location for SharePoint storage; Updating compliance settings by deleting a data residency location; Restricting data to specific geographic regions by removing others |
| Site administration activities | Removed geo location admin | This activity is logged when an administrator is removed from managing a specific geographic location within the organization's Microsoft 365 or SharePoint environment. Geo admins are responsible for overseeing data and site configurations specific to their assigned region. | Removing a regional admin for the Europe geo; Revoking geo admin rights from a user no longer managing that location; Updating geo location settings to reflect organizational changes |
| Site administration activities | Renamed site | This activity is recorded when the URL and/or name of a SharePoint site is changed. Renaming a site typically updates its display name and web address while retaining existing content, permissions, and configuration. | Changing the site URL from /sites/projectx to /sites/project-archive; Renaming a team site to reflect a new department name; Using PowerShell or the SharePoint admin center to update the site name |
| Site administration activities | Scheduled site rename | This activity is logged when a SharePoint site rename is scheduled to occur at a later time. This allows administrators to plan URL and name changes during off-hours to minimize disruption. | Scheduling the renaming of /sites/marketing to /sites/brand; Planning a site rename to align with a department reorganization; Using PowerShell to schedule a site rename for a weekend deployment |
| Site administration activities | Scheduled tenant rename | This activity is recorded when a Microsoft 365 tenant rename is scheduled. Renaming a tenant changes the default domain (e.g., yourcompany.onmicrosoft.com) used across services like SharePoint and OneDrive, and must be carefully coordinated to minimize service disruption. | Scheduling the rename of a tenant from oldname.onmicrosoft.com to newname.onmicrosoft.com; Planning a tenant rename for company rebranding; Using Microsoft 365 admin center or PowerShell to initiate tenant rename scheduling |
| Site administration activities | Started tenant rename | This activity is logged when the Microsoft 365 tenant rename process begins. This process updates the default domain name across services such as SharePoint and OneDrive and may temporarily impact access during propagation. | Initiating tenant rename from oldname.onmicrosoft.com to newname.onmicrosoft.com; Starting the domain rename process following a scheduled operation; Beginning the rename as part of a corporate rebranding effort |
| Site administration activities | Completed tenant rename | This activity is recorded when the Microsoft 365 tenant rename operation has successfully finished. It confirms that the organization's default domain name has been updated across services like SharePoint and OneDrive. | Successfully completing a tenant rename from oldname.onmicrosoft.com to newname.onmicrosoft.com; Finalizing the rename process initiated earlier for rebranding purposes; Receiving confirmation that all services have transitioned to the new domain |
| Site administration activities | Cancelled tenant rename | This activity is logged when a scheduled Microsoft 365 tenant rename operation is canceled before it begins or completes. This may occur due to a change in organizational strategy, error correction, or unresolved preconditions. | Cancelling a tenant rename from oldname.onmicrosoft.com to newname.onmicrosoft.com; Reversing a scheduled rename due to a discovered conflict; Aborting the process via Microsoft 365 admin center or PowerShell before it initiates |
| Site administration activities | Tenant rename failed | This activity is recorded when a Microsoft 365 tenant rename operation fails to complete successfully. Failures can occur due to unmet prerequisites, service conflicts, or unexpected errors during the rename process. | Tenant rename from oldname.onmicrosoft.com to newname.onmicrosoft.com failed due to unresolved dependencies; Rename process halted because of conflicting site URLs; Microsoft 365 admin center shows an error status for the tenant rename |
| Site administration activities | Scheduled site swap | This activity is recorded when a site swap is scheduled in SharePoint. A site swap replaces the root site of a SharePoint tenant with another site, often used during site redesigns or structural updates. Scheduling the swap allows administrators to control when the change occurs. | Scheduling a communication site to become the new root site; Planning a site swap for after business hours; Using PowerShell to initiate a delayed site swap operation |
| Site administration activities | Scheduled site geo move | This activity is logged when a SharePoint site is scheduled to move to a different Microsoft 365 geo-location. This allows organizations to align site data residency with regional compliance or performance requirements. | Scheduling a site move from the US geo to the EU geo; Planning a geo move to comply with regional data sovereignty laws; Using the Microsoft 365 admin center to set a future move date for a site |
| Site administration activities | Set host site | This activity is recorded when a host site is designated for a service like OneDrive or a group-connected site. The host site serves as the base for personal or group storage, and changing it affects where new content is provisioned. | Setting a new host site for OneDrive provisioning; Updating the group site host location; Using PowerShell or the admin center to configure a different host site |
| Site administration activities | Set storage quota for geo location | This activity is logged when an administrator sets or updates the storage quota for a specific geo-location in a multi-geo environment. This helps allocate storage resources based on regional needs and compliance requirements. | Assigning 500 GB of storage to the EU geo; Updating the storage quota for the Asia-Pacific geo location; Using PowerShell to set SharePoint storage limits for a region |
| Site administration activities | Swapped site | This activity is recorded when a site swap operation completes. A site swap replaces the root site of a SharePoint tenant with another site, commonly used to upgrade the root site experience. | Replacing the root site with a communication site; Completing a planned swap to restructure SharePoint hierarchy; Using PowerShell to perform the site swap |
| Site administration activities | Unjoined site from hub site | This activity is logged when a site is detached from a hub site in SharePoint. This disassociates the site from the hub's navigation, theme, and structure. | Manually unjoining a site from its current hub via site settings; Detaching a site from a hub programmatically using PowerShell; Removing a site from an organizational hub |
| Site administration activities | Unregistered hub site | This activity is recorded when a hub site registration is removed, turning the hub back into a regular site. All connected sites will no longer inherit shared properties from the hub. | Unregistering a hub site due to restructuring; Reverting a hub site to a standard site using PowerShell; Removing hub status from a site in the SharePoint admin center |
| Site administration activities | Modified site collection quota | This activity is logged when the storage quota for a SharePoint site collection is changed. This action helps manage space usage across the environment. | Increasing a site collection quota from 100 GB to 200 GB; Reducing quota to limit storage growth; Adjusting site storage manually via SharePoint admin center |
| Site administration activities | Changed site locks | This activity is recorded when a site’s lock state is modified. Locking a site restricts access for users and can be used for legal hold or maintenance scenarios. | Locking a site to prevent user access; Unlocking a site after investigation; Setting a site to 'Read-only' mode using PowerShell |
| Site administration activities | Enabled restricted OneDrive access and sharing | This activity is recorded when restricted access and sharing policies are enabled for OneDrive, limiting user actions based on organization rules. | Enabling access restrictions for OneDrive for external sharing; Applying restricted sharing settings via admin center; Using PowerShell to restrict access and sharing in OneDrive |
| Site administration activities | Disabled restricted OneDrive access and sharing | This activity is recorded when previously enabled restricted OneDrive access and sharing policies are disabled, allowing standard access rules to apply. | Disabling sharing restrictions to allow broader collaboration; Turning off restricted sharing mode for OneDrive users; Updating access policies through admin settings |
| Site administration activities | Applied Restricted Access Control for site | This activity is recorded when Restricted Access Control (RAC) is applied to a specific SharePoint site to manage access based on security or compliance needs. | Enforcing restricted access policies on a sensitive site; Applying RAC through admin portal or policy engine; Limiting user access to confidential information |
| Site administration activities | Removed Restricted Access Control for site | This activity is recorded when Restricted Access Control is removed from a site, restoring standard access permissions. | Removing RAC policies from a site no longer requiring them; Reverting to default site access settings; Disabling compliance-based access restrictions |
| Site administration activities | Updated Restricted Access Control for site | This activity is recorded when the Restricted Access Control settings are modified for a specific site. | Updating access scope for a restricted site; Modifying user restrictions on an existing RAC site; Changing applied policies based on updated compliance needs |
| Site administration activities | Applied Restricted Access Control for tenant | This activity is logged when Restricted Access Control is applied across the entire tenant to enforce access rules at the organization level. | Enabling RAC globally to restrict access to sensitive content; Applying tenant-wide data access policies; Rolling out compliance restrictions via central administration |
| Site administration activities | Updated Restricted Access Control for tenant | This activity is recorded when Restricted Access Control configurations are changed at the tenant level. | Updating global access rules for SharePoint and OneDrive; Altering user scope under tenant-wide RAC policies; Refining compliance access settings across the tenant |
| Site administration activities | Removed Restricted Access Control for tenant | This activity is recorded when tenant-wide Restricted Access Control policies are disabled or removed. | Removing global RAC restrictions for the organization; Disabling enforced compliance access at tenant level; Rolling back access controls across multiple sites |
| Site administration activities | Information Barriers Insights Report scheduled | This activity is recorded when a report is scheduled to provide insights related to Information Barriers, showing potential policy violations or segmentation breaches. | Setting up a recurring report for Information Barriers; Using the admin center to schedule insights reports; Monitoring communication compliance over time |
| Site administration activities | Information Barriers Insights Report completed | This activity is recorded when a scheduled Information Barriers Insights Report has successfully run and is available for review. | Insights report completed for communication violations; Reviewing historical report data on user segmentation; Checking report status post-execution |
| Site administration activities | Information Barriers Insights Report SharePoint section queried | This activity is recorded when the SharePoint-specific portion of an Information Barriers Insights Report is accessed or queried. | Reviewing SharePoint activity in Information Barriers report; Filtering insights by SharePoint-specific violations; Querying report logs related to SharePoint usage |
| Site administration activities | Information Barriers Insights Report OneDrive section queried | This activity is recorded when the OneDrive section of an Information Barriers Insights Report is accessed or queried. | Reviewing OneDrive data in IB reports; Filtering for OneDrive-specific activity under compliance rules; Auditing OneDrive access based on barrier policies |
| Site administration activities | Submitted migration job | This activity is recorded when a migration job is submitted to move content into or within Microsoft 365, typically using tools like SharePoint Migration Manager. | Submitting a SharePoint migration task; Using Migration Manager to upload files from on-prem; Triggering a tenant-to-tenant migration job |
| Site administration activities | Updated CollaborationInsights data collection for site | This activity is recorded when data collection settings for Collaboration Insights are updated on a specific site. | Turning on Collaboration Insights data collection; Adjusting what collaboration data is gathered on a site; Modifying settings to comply with analytics policies |
| Site administration activities | Updated CollaborationInsights report download for site | This activity is recorded when the settings for downloading Collaboration Insights reports are updated on a SharePoint site. | Changing download access for insights reports; Restricting availability of analytics reports; Allowing managers to export collaboration data |
| Site administration activities | Updated logs when DenyAddAndCustomizePages is changed | This activity is logged when the 'DenyAddAndCustomizePages' setting is modified, which controls whether users can add custom scripts to sites. | Enabling custom scripting on a classic site; Blocking custom code to enhance security; Changing DenyAddAndCustomizePages using PowerShell |
| Other SharePoint activities | User signed in to SharePoint | This activity is recorded when a user successfully signs in to SharePoint Online, either interactively or via automated systems such as background tasks or API calls. | User login through the SharePoint Online web portal; Authentication via Microsoft Teams integration; Accessing SharePoint via Microsoft Graph API; Signing in through a synced OneDrive client |
| Other SharePoint activities | Modified OneDrive and SharePoint Organization Relation configuration for a partner | This activity is recorded when a configuration change is made that affects how a partner organization interacts with your OneDrive and SharePoint environment. It may impact sharing settings, access permissions, or integration capabilities. | Changing external sharing settings for a trusted partner organization; Modifying relationship policies between your tenant and an external partner; Updating B2B collaboration configurations affecting SharePoint and OneDrive access |
| Other SharePoint activities | Enabled AIP integration | This activity is recorded when Azure Information Protection (AIP) integration is enabled for SharePoint and OneDrive, allowing sensitivity labels to be applied and enforced across files and sites. | Turning on AIP integration from the Microsoft Purview compliance portal; Enabling support for sensitivity labels in SharePoint Online and OneDrive; Activating AIP to enforce encryption and access controls on labeled documents |
| Site permissions activities | Added site collection admin | This activity is recorded when a user is granted site collection administrator permissions for a SharePoint Online site, giving them full control over all content and settings within the site collection. | Assigning a user as a site collection admin from the SharePoint admin center; Using PowerShell to add a site collection admin; Adding an external user as a site collection admin (if permitted) |
| Exchange mailbox activities | Copied messages to another folder | This activity is recorded when a user or system copies messages from one folder to another in their mailbox. | Copying emails from Inbox to a subfolder; Copying messages for archival or organization purposes |
| Exchange mailbox activities | User signed in to mailbox | This activity is recorded when a user or delegate successfully signs in to a mailbox using Outlook, Outlook Web App, or another client. | User logs in via Outlook; Accessing mailbox via mobile app |
| Exchange mailbox activities | Accessed mailbox items | This activity is recorded when a mailbox item, such as an email or calendar event, is accessed by the mailbox owner or a delegate. | Opening a message; Viewing calendar details |
| Exchange mailbox activities | Sent message using Send On Behalf permissions | This activity is recorded when a user sends an email on behalf of another user. | An assistant sends an email on behalf of their manager |
| Exchange mailbox activities | Purged messages from mailbox | This activity is recorded when messages are permanently deleted from a mailbox, bypassing or after leaving the Deleted Items folder. | Using Shift+Delete to permanently delete; Emptying the Deleted Items folder |
| Exchange mailbox activities | Moved messages to Deleted Items folder | This activity is recorded when messages are moved to the Deleted Items folder, either manually or by rule. | Deleting an email from the Inbox; Rule moves email to Deleted Items |
| Exchange mailbox activities | Moved messages to another folder | This activity is recorded when a message is relocated from one mailbox folder to another. | Drag and drop messages to another folder; Using a rule to move messages automatically |
| Exchange mailbox activities | Sent message using Send As permissions | This activity is recorded when a user sends an email as another user, using the Send As permission. | An IT admin sends a message as another user; Shared mailbox sends using Send As |
| Exchange mailbox activities | Sent message | This activity is recorded when a message is sent from a mailbox. | Sending an email from Outlook; Replying to a message from mobile |
| Exchange mailbox activities | Updated message | This activity is recorded when a user modifies the content or metadata of a message before sending or while it is in draft. | Editing the draft of a message; Changing the subject line |
| Exchange mailbox activities | Deleted messages from Deleted Items folder | This activity is recorded when emails are removed from the Deleted Items folder, either manually or through retention policies. | Emptying Deleted Items; Retention policy cleans up old deleted emails |
| Exchange mailbox activities | New-InboxRule Create inbox rule from Outlook Web App | This activity is recorded when a user creates a new inbox rule using Outlook Web App. | Creating a rule to move all emails from a specific sender to a folder |
| Exchange mailbox activities | Set-InboxRule Modify inbox rule from Outlook Web App | This activity is recorded when a user modifies an existing inbox rule via Outlook Web App. | Changing conditions or actions in an inbox rule |
| Exchange mailbox activities | Update inbox rules from Outlook Client | This activity is recorded when inbox rules are modified or updated using the Outlook desktop client. | Enabling or disabling an inbox rule from Outlook |
| Exchange mailbox activities | Added delegate mailbox permissions | This activity is recorded when a user is granted delegate access to another mailbox. | Granting calendar access to an assistant; Allowing someone to send on behalf |
| Exchange mailbox activities | Removed delegate mailbox permissions | This activity is recorded when delegate access is removed from a mailbox. | Revoking Send On Behalf permissions |
| Exchange mailbox activities | Added permissions to folder | This activity is recorded when access permissions are added to a mailbox folder. | Granting reviewer permissions to a calendar folder |
| Exchange mailbox activities | Modified permissions of folder | This activity is recorded when permissions of a mailbox folder are changed. | Upgrading read permissions to edit; Changing calendar folder access |
| Exchange mailbox activities | Removed permissions from folder | This activity is recorded when a user’s permissions to a mailbox folder are revoked. | Removing shared calendar access |
| Exchange mailbox activities | Added or removed user with delegate access to calendar folder | This activity is recorded when a user is added or removed as a delegate for calendar access. | Adding a coworker as a calendar delegate; Removing assistant’s calendar permissions |
| Exchange mailbox activities | Labeled message as a record | This activity is recorded when a message is labeled as a record using Microsoft Purview retention policies or manually by a user. | Applying a retention label that marks the message as a record |
| Retention policy and retention label activities | Created retention label | This activity is recorded when a new retention label is created in SharePoint Online or Microsoft 365 Compliance Center, defining retention policies for files and content. | Creating a retention label to retain content for a specific period; Defining a retention label to delete content after a set period; Creating a label to ensure compliance with organizational or regulatory requirements |
| Retention policy and retention label activities | Created retention policy | This activity is recorded when a new retention policy is created to apply retention labels to content across Microsoft 365. | Creating a retention policy to apply retention labels to emails and documents; Defining a retention policy to preserve or delete content automatically |
| Retention policy and retention label activities | Configured settings for a retention policy | This activity is recorded when the settings for an existing retention policy are configured or modified, such as adjusting retention periods or actions. | Adjusting the retention period for a retention policy; Configuring whether to delete content automatically after retention expires |
| Retention policy and retention label activities | Deleted retention label | This activity is recorded when a retention label is deleted from the Microsoft 365 environment, removing any retention rules associated with it. | Deleting a retention label used to retain or delete content; Removing a retention label that was no longer needed |
| Retention policy and retention label activities | Deleted retention policy | This activity is recorded when a retention policy is deleted from Microsoft 365, removing the associated retention rules for content. | Deleting a retention policy that was previously applied across SharePoint or OneDrive; Removing a retention policy that was no longer required |
| Retention policy and retention label activities | Deleted settings from a retention policy | This activity is recorded when specific settings are deleted or removed from an existing retention policy, potentially altering its behavior. | Deleting the retention duration or actions from a retention policy; Removing actions like ‘delete content after a set period’ from a retention policy |
| Retention policy and retention label activities | Updated retention label | This activity is recorded when an existing retention label is updated or modified, changing the rules for content retention or deletion. | Changing the retention period or actions associated with a retention label; Modifying the conditions for applying a retention label to documents |
| Retention policy and retention label activities | Updated retention policy | This activity is recorded when the settings or conditions of an existing retention policy are updated, such as modifying which content is retained or deleted. | Changing the scope or duration of a retention policy; Adjusting the retention actions such as ‘delete after’ or ‘preserve indefinitely’ |
| Retention policy and retention label activities | Updated settings for a retention policy | This activity is recorded when specific settings for a retention policy are updated, such as altering the retention period or the actions to take on content. | Modifying the retention actions or exceptions for a retention policy; Changing retention duration for a particular set of content |
| Retention policy and retention label activities | Enabled regulatory record option for retention labels | This activity is recorded when the regulatory record option is enabled for retention labels, ensuring that content marked with those labels is preserved for regulatory compliance. | Enabling a retention label to flag content as a regulatory record; Configuring a retention label to enforce regulatory preservation rules |
| Retention policy and retention label activities | Adaptive scope created | This activity is recorded when an adaptive scope is created, allowing retention labels or policies to be applied based on dynamic conditions or criteria. | Creating an adaptive scope for applying retention policies based on user roles; Defining a dynamic scope for a retention label that adjusts based on conditions |
| Retention policy and retention label activities | Adaptive scope edited | This activity is recorded when an adaptive scope is edited, modifying its criteria or conditions for applying retention policies or labels. | Editing the conditions of an adaptive scope to include additional content types; Changing the user criteria for applying a retention label dynamically |
| Retention policy and retention label activities | Adaptive scope removed | This activity is recorded when an adaptive scope is removed, making the associated retention labels or policies no longer applicable based on the adaptive conditions. | Removing an adaptive scope that was previously used to dynamically apply retention labels; Deleting an adaptive scope from a retention policy |
| Retention policy and retention label activities | Adaptive scope changed | This activity is recorded when the conditions or criteria of an adaptive scope are changed, impacting how retention labels or policies are applied dynamically. | Changing the parameters for applying a retention label using an adaptive scope; Modifying the scope of an adaptive policy for retention purposes |
| Retention policy and retention label activities | Adaptive policy changed | This activity is recorded when the adaptive policy applied to retention labels or content is changed, impacting how the retention or deletion rules are enforced. | Modifying an adaptive policy to update the retention rules applied to specific content; Changing an adaptive policy’s scope or duration for retention or deletion actions |
| User administration activities | Added user | This activity is recorded when a new user is added to a SharePoint site or environment, granting them access to specific resources or permissions. | Adding a new user to a SharePoint site for access; Granting a user access to a document library or other SharePoint resources; Adding a user to a group with specific permissions on a SharePoint site |
| User administration activities | Deleted user | This activity is recorded when a user is deleted from a SharePoint site or environment, revoking their access to resources and content. | Deleting a user from SharePoint, removing their access to resources; Revoking user permissions by deleting the account |
| User administration activities | Set license properties | This activity is recorded when user license properties are configured, such as assigning specific service plans or modifying user permissions related to their license. | Assigning or modifying license properties to enable specific services; Configuring license settings for user access |
| User administration activities | Reset user password | This activity is recorded when a user's password is reset, forcing the user to create a new password upon next sign-in. | Resetting a user's password for account recovery; Forcing a user to set a new password upon their next login |
| User administration activities | Changed user password | This activity is recorded when a user's password is changed, whether by the user themselves or an administrator. | A user manually changing their password in SharePoint; Administrator changing a user's password for security purposes |
| User administration activities | Changed user license | This activity is recorded when a user's license is changed, such as upgrading or downgrading their service plan. | Upgrading a user's license to access more features; Downgrading a user's license due to a change in service requirements |
| User administration activities | Updated user | This activity is recorded when a user's profile or settings are updated, including changes to roles, permissions, or contact details. | Updating a user's role or permissions; Modifying a user's contact information or other profile settings |
| User administration activities | Set property that forces user to change password | This activity is recorded when a property is set to force a user to change their password on their next login. | Enabling a policy that forces a user to change their password after a reset; Configuring user settings to require a password change at the next login |
| Azure AD group administration activities | Added group | This activity is recorded when a new group is created in Azure AD, enabling users to be grouped for easier management of permissions and access control. | Creating a new group in Azure AD to manage users for a specific project; Assigning a new group to a SharePoint site or resource |
| Azure AD group administration activities | Added member to group | The activity is recorded when a user is added to an existing group in Azure AD to grant them permissions and access to resources. | Adding a user to a security group to grant them access to a SharePoint site; Adding a member to a Microsoft 365 group for collaboration |
| Azure AD group administration activities | Removed member from group | The activity is recorded when a user is removed from an existing group in Azure AD, revoking their permissions and access to resources. | Removing a user from a security group to revoke access to a SharePoint site; Removing a member from a Microsoft 365 group to stop collaboration access |
| Application administration activities | Added service principal | The activity is recorded when a service principal is created or added in Azure AD, which represents an application or service that can authenticate and access resources. | Creating a service principal for an app to interact with SharePoint data; Registering a service principal to enable Azure AD authentication for a third-party service |
| Application administration activities | Removed a service principal from the directory | The activity is recorded when a service principal is removed from Azure AD, which disables its access to resources and services. | Deleting a service principal when it's no longer needed; Removing a service principal associated with a retired application |
| Application administration activities | Set delegation entry | The activity is recorded when delegation permissions are set for a service principal in Azure AD, allowing it to act on behalf of a user or service. | Configuring delegation for an app to access user data in SharePoint; Granting a service principal the ability to impersonate a user for certain tasks |
| Application administration activities | Removed credentials from a service principal | The activity is recorded when credentials (such as a client secret or certificate) are removed from a service principal, potentially disrupting its access. | Removing an expired client secret from a service principal; Revoking access for a service principal by removing its credentials |
| Application administration activities | Added delegation entry | The activity is recorded when a new delegation entry is added for a service principal in Azure AD, enabling the app or service to perform actions on behalf of a user or other service. | Configuring a delegation entry for an app to read SharePoint files on behalf of a user; Allowing a service principal to perform actions as another service or user |
| Application administration activities | Added credentials to a service principal | The activity is recorded when credentials (such as a client secret or certificate) are added to a service principal, enabling it to authenticate and access resources. | Adding a new client secret to a service principal for continued access to resources; Configuring new authentication credentials for a service principal |
| Application administration activities | Removed delegation entry | The activity is recorded when a delegation entry is removed from a service principal, restricting its ability to act on behalf of users or other services. | Revoking a delegation entry to stop a service principal from acting on behalf of a user; Disabling a service principal's ability to perform certain actions on behalf of another service |
| Role administration activities | Added member to Role | The activity is recorded when a user is assigned to a role in a system to grant them specific permissions and access to resources. | Assigning a user to the SharePoint site collection administrator role; Adding a user to a role in Microsoft Teams to enable specific permissions; Granting a user access to a SharePoint library by adding them to a document management role |
| Role administration activities | Removed a user from a directory role | The activity is recorded when a user is removed from a directory role, revoking their associated permissions and access within the organization. | Removing a user from an admin role in Azure AD; Revoking access for a user by removing them from a specific directory role |
| Organization administration activities | Set company contact information | The activity is recorded when an organization’s contact information is set or updated in a system, ensuring accurate company details are maintained. | Adding or updating a company's contact phone number in the directory; Changing the company's official email address in Azure AD or another directory system |
| Directory administration activities | Added a partner to the directory | The activity is recorded when a partner organization or user is added to the directory, granting them specific permissions or access to resources within the system. | Adding a partner organization to Azure AD to grant access to resources; Creating a new partner account and associating it with a directory for collaboration; Granting external partners access to specific systems or services |
| Directory administration activities | Removed a partner from the directory | The activity is recorded when a partner organization or user is removed from the directory, revoking their access to resources or services within the system. | Removing a partner organization from Azure AD to revoke access; Deleting a partner account from the directory; Revoking access for external partners to resources |
| Directory administration activities | Added domain to company | The activity is recorded when a domain is added to the company’s directory, allowing the company to use this domain for authentication, email, and other services. | Adding a new email domain to your company’s Azure AD setup; Associating a new domain with your organization for authentication purposes |
| Directory administration activities | Removed domain from company | The activity is recorded when a domain is removed from the company’s directory, preventing the domain from being used for authentication or other services. | Removing a previously registered email domain from Azure AD; Unlinking a domain from your organization’s directory |
| Directory administration activities | Updated domain | The activity is recorded when the configuration of a domain within the company’s directory is updated, such as changing domain settings or associated configurations. | Changing domain settings in Azure AD; Updating DNS records for an existing domain |
| Directory administration activities | Set domain authentication | The activity is recorded when domain authentication settings are configured for a domain, enabling or changing authentication methods for domain users. | Setting up domain authentication for secure sign-ins; Configuring authentication methods for a newly added domain |
| Directory administration activities | Verified domain | The activity is recorded when a domain is verified in the directory to confirm its ownership and enable it for use in authentication and other services. | Verifying a new domain for use in Azure AD; Confirming domain ownership to enable services like email and authentication |
| Directory administration activities | Updated the federation settings for a domain | The activity is recorded when federation settings for a domain are updated, configuring how the domain interacts with external identity providers or authentication systems. | Changing federation settings for a domain to allow single sign-on (SSO); Updating domain federation settings for Azure AD |
| Directory administration activities | Verified email verified domain | The activity is recorded when an email domain is verified in the system, confirming that it is legitimate and configured for use in email services. | Verifying an email domain to ensure it is correctly set up in Azure AD; Confirming a domain’s configuration for sending and receiving emails |
| Directory administration activities | Turned on Azure AD sync | The activity is recorded when Azure AD sync is enabled, allowing on-premises directories to synchronize with Azure Active Directory. | Enabling Azure AD sync to synchronize user and group information; Activating hybrid identity synchronization with Azure AD |
| Directory administration activities | Set password policy | The activity is recorded when a password policy is set or modified, controlling password complexity and security requirements for users within the directory. | Setting password complexity rules for user accounts in Azure AD; Configuring password expiration policies for directory users |
| Directory administration activities | Set company information | The activity is recorded when company information is set or updated in the directory, such as the company’s name, contact information, and other settings. | Updating the company’s name or contact details in Azure AD; Changing organizational details for your directory |
| eDiscovery activities | Created content search | The activity is recorded when a user or compliance administrator creates a content search using Microsoft Purview (formerly Microsoft 365 compliance center) to locate email, documents, or other content across Microsoft 365 services. | Creating a content search to find emails from a specific user; Searching SharePoint documents containing sensitive keywords; Running a search to gather Teams messages related to a case |
| eDiscovery activities | Deleted content search | The activity is recorded when a user or compliance administrator deletes a content search from Microsoft Purview. | Removing outdated content searches; Clearing test searches from the compliance center |
| eDiscovery activities | Changed content search | The activity is recorded when a user modifies parameters of an existing content search. | Updating keywords or conditions in a search; Adding or removing data locations |
| eDiscovery activities | Started content search | The activity is recorded when a user initiates a content search to retrieve matching items. | Running a query to return content from specific mailboxes; Searching SharePoint sites for compliance-related data |
| eDiscovery activities | Stopped content search | The activity is recorded when a user cancels a running content search. | Halting a search to adjust filters; Aborting a search taking too long to run |
| eDiscovery activities | Started export of content search | The activity is recorded when a user starts exporting results of a content search. | Downloading email search results; Exporting SharePoint documents from a case |
| eDiscovery activities | Started export report | The activity is recorded when a user starts exporting a report generated from a content search. | Downloading summary or metadata reports; Exporting search activity reports |
| eDiscovery activities | Viewed search | The activity is recorded when a user views details of a content search. | Opening a saved search to check its criteria; Reviewing results before exporting |
| eDiscovery activities | Previewed results of content search | The activity is recorded when a user previews the results returned from a content search. | Viewing email snippets from search results; Browsing found files within the compliance center |
| eDiscovery activities | Purged results of content search | The activity is recorded when a user initiates a purge action on content identified in a search. | Deleting sensitive emails identified in a search; Removing matching Teams messages |
| eDiscovery activities | Started analysis of content search | The activity is recorded when a user begins analysis on search results for further insight or refinement. | Triggering analytics to summarize content findings; Identifying themes in search results |
| eDiscovery activities | Removed export of content search | The activity is recorded when a user deletes an exported content search package. | Clearing downloaded export files; Deleting export sessions no longer needed |
| eDiscovery activities | Removed preview results of content search | The activity is recorded when a user clears the preview data shown from a content search. | Removing temporary preview data; Resetting preview cache |
| eDiscovery activities | Removed purge action performed on content search | The activity is recorded when a purge action previously initiated from a content search is withdrawn. | Undoing a previous deletion of results; Cancelling a sensitive purge job |
| eDiscovery activities | Removed analysis of content search | The activity is recorded when a user deletes or cancels the analysis results of a content search. | Clearing analysis data after review; Stopping automated insights |
| eDiscovery activities | Removed search report | The activity is recorded when a user deletes the report generated from a search operation. | Removing compliance center summary reports; Deleting detailed export logs |
| eDiscovery activities | Content search preview item listed | The activity is recorded when an item is listed as part of a preview in a content search. | Viewing a document in the preview list; Email listed in preview before download |
| eDiscovery activities | Content search preview item viewed | The activity is recorded when a specific item is opened from the preview results of a content search. | Opening a Teams message in preview; Viewing the content of an email from results |
| eDiscovery activities | Content search preview item downloaded | The activity is recorded when a preview item from search results is downloaded. | Downloading a file from preview; Saving an email locally from search preview |
| eDiscovery activities | Downloaded export of content search | The activity is recorded when the user downloads the exported content search results. | Retrieving exported files; Downloading bulk results from a case |
| eDiscovery activities | Created search permissions filter | The activity is recorded when a filter is applied to restrict or scope content search permissions. | Restricting search to specific locations; Limiting search actions to compliance staff |
| eDiscovery activities | Deleted search permissions filter | The activity is recorded when a search permissions filter is removed. | Clearing outdated permission filters; Removing custom search scopes |
| eDiscovery activities | Changed search permissions filter | The activity is recorded when an existing search permissions filter is modified. | Updating filter to include new user; Changing data location scope |
| eDiscovery activities | Created hold in eDiscovery case | The activity is recorded when a legal hold is created to preserve content in an eDiscovery case. | Placing hold on a mailbox; Holding content from SharePoint sites |
| eDiscovery activities | Deleted hold in eDiscovery case | The activity is recorded when a hold is removed from an eDiscovery case. | Lifting hold after case resolution; Removing content protection |
| eDiscovery activities | Changed hold in eDiscovery case | The activity is recorded when an existing hold is updated within an eDiscovery case. | Modifying locations or users under hold; Changing retention criteria |
| eDiscovery activities | Created eDiscovery case | The activity is recorded when a new case is created within Microsoft Purview eDiscovery. | Opening an investigation case; Initiating a compliance inquiry |
| eDiscovery activities | Deleted eDiscovery case | The activity is recorded when an existing eDiscovery case is deleted. | Cleaning up closed cases; Removing duplicate cases |
| eDiscovery activities | Changed eDiscovery case | The activity is recorded when metadata or settings of an eDiscovery case are modified. | Renaming a case; Adjusting case description or tags |
| eDiscovery activities | Viewed eDiscovery case | The activity is recorded when a user views details of an eDiscovery case. | Opening the case dashboard; Reviewing case members or hold status |
| eDiscovery activities | Added member to eDiscovery case | The activity is recorded when a user is added to an eDiscovery case. | Assigning investigators to a case; Granting access to compliance staff |
| eDiscovery activities | Removed member from eDiscovery case | The activity is recorded when a user is removed from an eDiscovery case. | Revoking case access; Removing a user who no longer needs access |
| eDiscovery activities | Changed eDiscovery case membership | The activity is recorded when changes are made to users assigned to an eDiscovery case. | Updating case access roles; Modifying case participants |
| eDiscovery activities | Created eDiscovery administrator | The activity is recorded when a user is assigned eDiscovery admin role. | Granting elevated compliance permissions; Assigning global search capabilities |
| eDiscovery activities | Deleted eDiscovery administrator | The activity is recorded when a user's eDiscovery admin role is removed. | Revoking eDiscovery admin access; Clearing elevated roles |
| eDiscovery activities | Changed eDiscovery administrator membership | The activity is recorded when membership changes are made to eDiscovery administrator role group. | Adding or removing members from the admin group; Adjusting permissions for compliance roles |
| eDiscovery activities | Remediation action created | The activity is recorded when a remediation action is created following a data governance policy. | Creating a workflow to delete flagged content; Setting up automated policy enforcement |
| eDiscovery activities | Item deleted using Remediation | The activity is recorded when a specific item is deleted as a result of a remediation action. | Deleting malware-infected file; Removing non-compliant messages |
| eDiscovery cmdlet activities | Created content search action | The activity is recorded when a user or system initiates a specific action (e.g., export, preview, purge) on a previously created content search within Microsoft Purview eDiscovery. | Initiating the export of results from a content search; Starting a purge action to delete items from a content search result; Previewing search results using eDiscovery tools; Running PowerShell cmdlets like New-ComplianceSearchAction |
| eDiscovery cmdlet activities | Deleted content search action | The activity is recorded when a user or system removes an action (such as export, preview, or purge) previously associated with a content search in Microsoft Purview eDiscovery. | Removing a purge action from a content search; Deleting an export action for a content search; Clearing a preview configuration set on a search |
| eDiscovery cmdlet activities | Created search query for eDiscovery case hold | The activity is recorded when a user or system creates a new query to define the scope of content to be preserved in an eDiscovery case hold. | Creating a new query with specific keywords for a hold; Targeting specific users or groups in a hold query; Running PowerShell cmdlets like New-CaseHoldPolicy |
| eDiscovery cmdlet activities | Deleted search query for eDiscovery case hold | The activity is recorded when a user or system deletes an existing query that was used to define the scope of content in an eDiscovery case hold. | Removing a keyword-based query from a hold; Deleting scope conditions from an active hold policy; Running Remove-CaseHoldPolicy to clear hold settings |
| eDiscovery cmdlet activities | Changed search query for eDiscovery case hold | The activity is recorded when a user or system updates an existing query that defines which content is preserved in an eDiscovery case hold. | Updating the keywords or conditions in an existing query; Changing target users in a hold policy; Modifying the content location or time range for a hold |
| eDiscovery (Premium) activities | Created workingset search | The activity is recorded when a user or system creates a workingset search within Microsoft Purview eDiscovery (Premium) to identify and collect data relevant to a case. | Creating a new search to collect content for review in a case; Using the eDiscovery (Premium) portal to define search parameters; Running a workingset search to prepare data for analytics or review |
| eDiscovery (Premium) activities | Updated workingset search | The activity is recorded when a user or system updates a previously created workingset search within eDiscovery (Premium). | Modifying search parameters in a workingset search; Adjusting the data collection scope for a workingset search |
| eDiscovery (Premium) activities | Deleted workingset search | The activity is recorded when a user or system deletes a previously created workingset search in eDiscovery (Premium). | Removing a search from the list of active workingset searches |
| eDiscovery (Premium) activities | Previewed workingset search | The activity is recorded when a user or system previews the results of a workingset search in eDiscovery (Premium). | Viewing the results of a workingset search before executing or exporting |
| File and page activities | Document viewed | The activity is recorded when a user or system views a document without editing or altering its content in a supported platform. | Opening a document in read-only mode; Previewing a document; Viewing a document |
| File and page activities | Document annotated | The activity is recorded when a user or system annotates a document, such as adding comments or markings in a supported platform. | Adding notes to a document; Highlighting text within a document |
| File and page activities | Document downloaded | The activity is recorded when a user or system downloads a document from a supported platform. | Downloading a document from SharePoint or OneDrive; Saving a document to a local drive from Teams |
| Content management activities | Tag created | The activity is recorded when a user or system creates a new tag for categorizing content. | Creating a new tag to classify documents; Labeling files with a new tag for sorting |
| Content management activities | Tag edited | The activity is recorded when a user or system edits an existing tag, such as renaming or modifying its properties. | Renaming an existing tag; Changing the properties of a tag |
| Content management activities | Tag deleted | The activity is recorded when a user or system deletes a tag from a content item. | Removing a tag from a document; Deleting a tag from a collection of files |
| Content management activities | Tag files | The activity is recorded when a user or system assigns a tag to a set of files or documents for categorization. | Applying a tag to multiple files; Tagging a batch of documents for classification |
| Content management activities | Tag job | The activity is recorded when a user or system creates or manages a job specifically for tagging files. | Creating a batch job for tagging files; Managing a job for tagging content in bulk |
| eDiscovery activities | Created review set | The activity is recorded when a user or system creates a new review set for document review during an eDiscovery process. | Creating a new review set to organize documents for review; Defining a review set to segregate documents for legal review |
| eDiscovery activities | Added O365 data | The activity is recorded when Office 365 data, such as emails or documents, is added to a review or collection set in eDiscovery. | Including Office 365 emails or documents in a review set; Adding O365 data for legal hold or case review |
| eDiscovery activities | Added non-office data | The activity is recorded when non-Office data (e.g., PDFs, images) is added to an eDiscovery case or review set. | Adding non-Office content like PDFs to an eDiscovery case; Incorporating non-Office data types into an investigation |
| eDiscovery activities | Added data to another workingset | The activity is recorded when data is added to a different workingset in eDiscovery for review or analysis. | Adding documents from one search to another workingset; Organizing data into multiple workingsets for investigation |
| eDiscovery activities | Added remediated data | The activity is recorded when data that has been remediated (e.g., deleted, moved) is added to an eDiscovery review set. | Including remediated content in an ongoing review process; Adding deleted or edited data to an investigation case |
| eDiscovery activities | Run algo job | The activity is recorded when a user or system runs an algorithmic job as part of a content review or analysis process. | Running an algorithmic analysis on document sets; Using an algorithm for categorizing or reviewing content |
| eDiscovery activities | Run export job | The activity is recorded when a user or system runs a job to export content from an eDiscovery case for further processing or review. | Running an export job to extract documents from a case; Exporting content for external legal analysis |
| eDiscovery activities | Run burn job | The activity is recorded when a user or system runs a burn job, typically used for the permanent removal or destruction of data. | Running a burn job to permanently delete content; Executing a burn job on documents in a case |
| eDiscovery activities | Run error remediation job | The activity is recorded when a user or system runs an error remediation job to correct issues in data or configurations within an eDiscovery process. | Running a remediation job to fix errors in eDiscovery data; Executing a job to correct issues with the review or export process |
| eDiscovery activities | Run load comparison job | The activity is recorded when a user or system runs a load comparison job to compare datasets in eDiscovery. | Running a comparison between datasets to identify differences; Using a load comparison job to check the integrity of the data |
| eDiscovery activities | Updated case settings | The activity is recorded when a user or system updates the settings of an eDiscovery case, such as altering legal hold parameters or review set configurations. | Modifying settings for an eDiscovery case; Adjusting configurations for review or legal hold |
| eDiscovery activities | Created communication | The activity is recorded when a user or system creates a new communication for stakeholders in an eDiscovery case. | Creating a new communication within an eDiscovery case; Drafting communication to notify stakeholders |
| eDiscovery activities | Issued communication | The activity is recorded when a user or system issues a communication to a recipient or group as part of an eDiscovery case process. | Issuing a notification to legal or compliance teams; Sending out case-related communications |
| eDiscovery activities | Reissued communication | The activity is recorded when a user or system reissues a previously sent communication to stakeholders in an eDiscovery case. | Re-sending a previously issued communication due to an error; Resending communications to ensure delivery |
| eDiscovery activities | Sent communication reminder | The activity is recorded when a user or system sends a reminder about a communication that was previously issued in an eDiscovery case. | Sending reminders about upcoming deadlines in an eDiscovery case; Following up with recipients regarding communications |
| eDiscovery activities | Sent communication escalation | The activity is recorded when a user or system sends an escalation communication to notify a higher authority about an eDiscovery case issue. | Escalating an issue within an eDiscovery case to senior management; Sending a communication to a higher authority due to unresolved issues |
| eDiscovery activities | Acknowledged communication | The activity is recorded when a recipient acknowledges receipt of a communication in the context of an eDiscovery case. | Acknowledging the receipt of a communication in a case; Confirming receipt of an eDiscovery case-related message |
| eDiscovery activities | Created custodian | The activity is recorded when a user or system creates a custodian within an eDiscovery case for the management of legal hold and data collection. | Adding a custodian to an eDiscovery case; Creating a new custodian to manage data preservation |
| eDiscovery activities | Updated custodian | The activity is recorded when a user or system updates the details or status of a custodian in an eDiscovery case. | Updating a custodian’s information in the eDiscovery case; Changing the status of a custodian (e.g., from active to released) |
| eDiscovery activities | Released custodian | The activity is recorded when a user or system releases a custodian from a legal hold in an eDiscovery case. | Releasing a custodian from a legal hold; Removing a custodian from the eDiscovery case |
| eDiscovery activities | Reactivated custodian | The activity is recorded when a user or system reactivates a custodian that was previously released in an eDiscovery case. | Reactivating a custodian for further data preservation; Bringing a custodian back into the eDiscovery case |
| eDiscovery activities | Viewed custodian | The activity is recorded when a user or system views the details of a custodian in an eDiscovery case. | Viewing custodian details or status in an eDiscovery case; Checking the custodian’s participation in a legal hold |
| eDiscovery activities | Created non-custodial data source | The activity is recorded when a user or system creates a non-custodial data source in an eDiscovery case for data collection purposes. | Adding a non-custodial data source to an eDiscovery case; Including a non-custodial data source for review or preservation |
| eDiscovery activities | Updated non-custodial data source | The activity is recorded when a user or system updates the details of a non-custodial data source in an eDiscovery case. | Modifying the details of a non-custodial data source; Updating the configurations for non-custodial data collection |
| eDiscovery activities | Released non-custodial data source | The activity is recorded when a user or system releases a non-custodial data source from a legal hold in an eDiscovery case. | Releasing a non-custodial data source from a legal hold; Removing a non-custodial data source from an eDiscovery case |
| eDiscovery activities | Viewed non-custodial data source | The activity is recorded when a user or system views the details of a non-custodial data source in an eDiscovery case. | Viewing the status of a non-custodial data source; Checking the details of a non-custodial data source for review |
| eDiscovery activities | Created collection | The activity is recorded when a user or system creates a collection within an eDiscovery case for data preservation or review. | Creating a new collection to group documents in an eDiscovery case; Adding content to a newly created collection |
| eDiscovery activities | Deleted collection | The activity is recorded when a user or system deletes a collection in an eDiscovery case. | Deleting a collection from an eDiscovery case; Removing a collection of documents from review |
| eDiscovery activities | Updated collection | The activity is recorded when a user or system updates a collection within an eDiscovery case. | Modifying a collection's settings or content; Updating a collection in the eDiscovery case for further analysis |
| eDiscovery activities | Upgraded standard cases and searches to premium | The activity is recorded when a user or system upgrades standard eDiscovery cases and searches to premium level. | Upgrading a standard case or search to a premium version; Enhancing the capabilities of an eDiscovery case or search by upgrading |
| eDiscovery activities | Upgraded content searches to premium | The activity is recorded when a user or system upgrades a content search to premium level for more advanced eDiscovery features. | Upgrading a content search to unlock premium features; Enhancing the functionality of a content search with premium capabilities |
| eDiscovery activities | Upgraded user data searches to premium | The activity is recorded when a user or system upgrades user data searches to premium level to unlock advanced features and capabilities. | Upgrading a user data search to premium for more advanced filtering; Enhancing search results with premium capabilities in eDiscovery |
| eDiscovery activities | Export viewed | The activity is recorded when a user or system views an export of data or content, such as a report or extracted dataset. | Viewing the details of an export in an eDiscovery case; Reviewing the results of a data export |
| eDiscovery activities | Approved guest user invitation | The activity is recorded when a user or system approves the invitation of a guest user to participate in an eDiscovery case. | Approving a guest user’s invitation to access the eDiscovery case; Allowing a guest user to join the case for review or analysis |
| eDiscovery activities | Added guest user to case | The activity is recorded when a guest user is added to an eDiscovery case for participation or review. | Assigning a guest user to an eDiscovery case for collaboration; Adding a guest user to a review set |
| eDiscovery activities | Added guest user to reviewer role group | The activity is recorded when a guest user is assigned to a reviewer role group in an eDiscovery case for review tasks. | Assigning a guest user to the reviewer group for an eDiscovery case; Giving a guest user access to review documents |
| eDiscovery activities | Canceled guest user invitation | The activity is recorded when a guest user invitation is canceled, preventing the user from accessing the eDiscovery case. | Canceling a pending guest user invitation for an eDiscovery case; Revoking a guest user’s invitation before it’s accepted |
| eDiscovery activities | Invited guest user | The activity is recorded when a guest user is invited to participate in an eDiscovery case or legal process. | Sending an invitation to a guest user for case participation; Inviting a guest user to review or collaborate in an eDiscovery case |
| eDiscovery activities | Rejected request to invite guest | The activity is recorded when a request to invite a guest user is rejected, preventing their participation in the case. | Rejecting a request to invite a guest user into an eDiscovery case; Declining an invitation request for a guest user |
| eDiscovery activities | Sent guest user invitation | The activity is recorded when a user or system sends an invitation to a guest user to join an eDiscovery case or process. | Sending an invitation for a guest user to join a review team; Inviting a guest user to participate in a legal hold process |
| eDiscovery activities | Initiated guest account creation | The activity is recorded when a user or system starts the process of creating a guest account for a new user in an eDiscovery case. | Initiating the creation of a guest user account for eDiscovery case access; Starting the process to onboard a new guest user |
| eDiscovery activities | Turned off guest users | The activity is recorded when a user or system disables the ability for guest users to participate in an eDiscovery case. | Disabling guest users' access to an eDiscovery case; Turning off guest user permissions in a legal hold process |
| eDiscovery activities | Turned on guest users | The activity is recorded when a user or system enables guest user participation in an eDiscovery case. | Enabling guest users to access and participate in an eDiscovery case; Turning on guest user permissions for case collaboration |
| eDiscovery activities | Removed guest user from eDiscovery | The activity is recorded when a guest user is removed from an eDiscovery case, preventing further access or participation. | Removing a guest user from an eDiscovery case or review set; Revoking a guest user’s access to eDiscovery data |
| eDiscovery activities | Removed guest user from case | The activity is recorded when a guest user is removed from an eDiscovery case. | Removing a guest user from an ongoing eDiscovery case; Revoking a guest user’s participation in the case review |
| eDiscovery activities | Removed guest user from reviewer role group | The activity is recorded when a guest user is removed from the reviewer role group in an eDiscovery case. | Removing a guest user from the reviewer role group in an eDiscovery case; Revoking a guest user's reviewer permissions |
| Microsoft Fabric activities | Viewed Power BI dashboard | The activity is recorded when a user or system opens, previews, or views a Power BI dashboard without editing or altering its content. | Opening a Power BI dashboard in read-only mode; Previewing a Power BI dashboard; Viewing a Power BI dashboard; Accessing a Power BI dashboard through an API call or automated process; Downloading a Power BI dashboard from its original location |
| Microsoft Fabric activities | Created Power BI dashboard | The activity is recorded when a user or system creates a Power BI dashboard. | Creating a new Power BI dashboard; Setting up data and visuals for a new dashboard |
| Microsoft Fabric activities | Edited Power BI dashboard | The activity is recorded when a user or system edits an existing Power BI dashboard. | Modifying visuals or data in an existing Power BI dashboard; Changing the layout or design of a Power BI dashboard |
| Microsoft Fabric activities | Deleted Power BI dashboard | The activity is recorded when a user or system deletes a Power BI dashboard. | Removing a Power BI dashboard from the workspace; Deleting a dashboard in Power BI service |
| Microsoft Fabric activities | Shared Power BI dashboard | The activity is recorded when a user or system shares a Power BI dashboard with others. | Sharing a dashboard with colleagues in Power BI; Setting sharing permissions for a Power BI dashboard |
| Microsoft Fabric activities | Printed Power BI dashboard | The activity is recorded when a user or system prints a Power BI dashboard. | Printing a Power BI dashboard report; Printing visuals from a Power BI dashboard |
| Microsoft Fabric activities | Copied Power BI dashboard | The activity is recorded when a user or system copies a Power BI dashboard. | Duplicating a Power BI dashboard; Copying a dashboard to a different workspace |
| Microsoft Fabric activities | Viewed Power BI tile | The activity is recorded when a user or system views a tile in a Power BI dashboard. | Viewing a tile on a Power BI dashboard; Accessing a specific tile in a report |
| Microsoft Fabric activities | Exported Power BI tile data | The activity is recorded when a user or system exports the data from a Power BI tile. | Exporting data from a Power BI dashboard tile; Downloading data from a Power BI report tile |
| Microsoft Fabric activities | Viewed Power BI report | The activity is recorded when a user or system views a Power BI report. | Opening and viewing a Power BI report; Viewing a Power BI report in the service |
| Microsoft Fabric activities | Deleted Power BI report | The activity is recorded when a user or system deletes a Power BI report. | Deleting a Power BI report from the workspace; Removing a Power BI report permanently |
| Microsoft Fabric activities | Printed Power BI report page | The activity is recorded when a user or system prints a page from a Power BI report. | Printing a page of a Power BI report; Printing a specific visual from a Power BI report |
| Microsoft Fabric activities | Downloaded Power BI report | The activity is recorded when a user or system downloads a Power BI report. | Downloading a Power BI report in .pbix format; Exporting a Power BI report for offline use |
| Microsoft Fabric activities | Published Power BI report to web | The activity is recorded when a user or system publishes a Power BI report to the web. | Publishing a Power BI report publicly to the web; Sharing a Power BI report via a public URL |
| Microsoft Fabric activities | Exported Power BI report visual data | The activity is recorded when a user or system exports the visual data from a Power BI report. | Exporting visual data from a Power BI report; Downloading visual elements from a Power BI report |
| Microsoft Fabric activities | Created Power BI report | The activity is recorded when a user or system creates a new Power BI report. | Creating a new Power BI report from scratch; Building a Power BI report with data and visuals |
| Microsoft Fabric activities | Edited Power BI report | The activity is recorded when a user or system edits an existing Power BI report. | Modifying visuals or data in a Power BI report; Changing the structure of a Power BI report |
| Microsoft Fabric activities | Copied Power BI report | The activity is recorded when a user or system copies a Power BI report. | Duplicating a Power BI report; Copying a Power BI report to another workspace |
| Microsoft Fabric activities | Exported Power BI artifact to another file format | The activity is recorded when a user or system exports a Power BI artifact to a different file format. | Exporting a Power BI report to PDF or Excel; Converting a Power BI artifact to another file format |
| Microsoft Fabric activities | Export Power BI activity events | The activity is recorded when a user or system exports Power BI activity events. | Exporting logs or events from Power BI; Downloading activity events from Power BI |
| Microsoft Fabric activities | Updated Power BI workspace access | The activity is recorded when a user or system updates access settings for a Power BI workspace. | Changing permissions for users in a Power BI workspace; Modifying access rights for a Power BI workspace |
| Microsoft Fabric activities | Restored Power BI workspace | The activity is recorded when a user or system restores a Power BI workspace. | Restoring a deleted Power BI workspace; Recovering a workspace from a backup |
| Microsoft Fabric activities | Updated Power BI workspace | The activity is recorded when a user or system updates a Power BI workspace. | Updating settings or configuration of a Power BI workspace; Modifying the data sources in a Power BI workspace |
| Microsoft Fabric activities | Viewed Power BI metadata | The activity is recorded when a user or system views metadata for a Power BI report or dataset. | Accessing the metadata for a Power BI report; Viewing the properties of a Power BI dataset |
| Microsoft Fabric activities | Created Power BI dataset | The activity is recorded when a user or system creates a Power BI dataset. | Creating a new dataset in Power BI; Importing data to a Power BI dataset |
| Microsoft Fabric activities | Deleted Power BI dataset | The activity is recorded when a user or system deletes a Power BI dataset. | Removing a dataset from Power BI; Deleting a dataset from the Power BI workspace |
| Microsoft Fabric activities | Created Power BI group | The activity is recorded when a user or system creates a Power BI group. | Creating a new Power BI group; Setting up a Power BI group for a workspace |
| Microsoft Fabric activities | Deleted Power BI group | The activity is recorded when a user or system deletes a Power BI group. | Removing a Power BI group; Deleting a Power BI group from the workspace |
| Microsoft Fabric activities | Added Power BI group members | The activity is recorded when a user or system adds members to a Power BI group. | Adding users to a Power BI group; Inviting members to a Power BI workspace |
| Microsoft Fabric activities | Get Power BI group users | The activity is recorded when a user or system retrieves the list of users in a Power BI group. | Fetching the members of a Power BI group; Getting users from a Power BI workspace |
| Microsoft Fabric activities | Retrieved Power BI groups | The activity is recorded when a user or system retrieves a list of Power BI groups. | Accessing the list of available Power BI groups; Fetching the groups in a Power BI workspace |
| Microsoft Fabric activities | Retrieved Power BI dashboards | The activity is recorded when a user or system retrieves Power BI dashboards. | Fetching Power BI dashboards from a workspace; Retrieving dashboards available in Power BI |
| Microsoft Fabric activities | Retrieved data sources from Power BI dataset | The activity is recorded when a user or system retrieves data sources from a Power BI dataset. | Getting data sources linked to a Power BI dataset; Retrieving data sources used in a Power BI report |
| Microsoft Fabric activities | Retrieved upstream dataflows from Power BI dataflow | The activity is recorded when a user or system retrieves upstream dataflows from a Power BI dataflow. | Accessing dataflows that feed into a Power BI dataflow; Retrieving upstream data sources for a Power BI dataflow |
| Microsoft Fabric activities | Retrieved data sources from Power BI dataflow | The activity is recorded when a user or system retrieves data sources from a Power BI dataflow. | Fetching data sources from a Power BI dataflow; Accessing sources linked to a Power BI dataflow |
| Microsoft Fabric activities | Removed Power BI group members | The activity is recorded when a user or system removes members from a Power BI group. | Removing users from a Power BI group; Revoking access to a Power BI workspace |
| Microsoft Fabric activities | Retrieved links between datasets and dataflows | The activity is recorded when a user or system retrieves the links between Power BI datasets and dataflows. | Fetching the relationships between Power BI datasets and dataflows; Accessing the linked data sources in Power BI |
| Microsoft Fabric activities | Retrieved Power BI refreshables | The activity is recorded when a user or system retrieves Power BI refreshable datasets. | Getting the list of datasets that can be refreshed in Power BI; Retrieving refreshable datasets in a Power BI workspace |
| Microsoft Fabric activities | Retrieved Power BI refreshables for capacity | The activity is recorded when a user or system retrieves refreshable datasets for a Power BI capacity. | Fetching datasets that can be refreshed for a specific Power BI capacity; Retrieving refreshable data sources for Power BI capacity |
| Microsoft Fabric activities | Retrieved Power BI refreshable by ID | The activity is recorded when a user or system retrieves a specific refreshable Power BI dataset by its ID. | Fetching a specific refreshable dataset in Power BI by ID; Retrieving a refreshable dataset using its unique identifier |
| Microsoft Fabric activities | Retrieved Power BI dashboard tiles | The activity is recorded when a user or system retrieves the tiles of a Power BI dashboard. | Accessing the tiles from a Power BI dashboard; Retrieving individual tiles of a Power BI report |
| Microsoft Fabric activities | Retrieved Power BI dataflows | The activity is recorded when a user or system retrieves Power BI dataflows. | Fetching Power BI dataflows from a workspace; Retrieving dataflows available in Power BI |
| Microsoft Fabric activities | Retrieved Power BI datasets | The activity is recorded when a user or system retrieves Power BI datasets. | Fetching Power BI datasets from a workspace; Retrieving datasets in a Power BI report |
| Microsoft Fabric activities | Retrieved Power BI tenant keys | The activity is recorded when a user or system retrieves Power BI tenant keys. | Accessing Power BI tenant keys for authentication; Fetching security keys for Power BI tenant |
| Microsoft Fabric activities | Retrieved Power BI imports | The activity is recorded when a user or system retrieves Power BI imports. | Fetching imported data in Power BI; Retrieving data imports in Power BI workspace |
| Microsoft Fabric activities | Retrieved Power BI apps | The activity is recorded when a user or system retrieves Power BI apps. | Fetching Power BI apps from the workspace; Retrieving available apps in Power BI |
| Microsoft Fabric activities | Retrieved Power BI app users | The activity is recorded when a user or system retrieves users of a Power BI app. | Fetching users assigned to a Power BI app; Retrieving users associated with a Power BI app |
| Microsoft Fabric activities | Retrieved Power BI group users | The activity is recorded when a user or system retrieves users of a Power BI group. | Fetching users in a Power BI group; Retrieving members of a Power BI group |
| Microsoft Fabric activities | Retrieved Power BI capacity users | The activity is recorded when a user or system retrieves users associated with a Power BI capacity. | Fetching users assigned to a Power BI capacity; Retrieving users using a specific Power BI capacity |
| Microsoft Fabric activities | Retrieved Power BI report users | The activity is recorded when a user or system retrieves users with access to a Power BI report. | Fetching users assigned to a Power BI report; Retrieving users with access to a specific Power BI report |
| Microsoft Fabric activities | Retrieved Power BI dashboard users | The activity is recorded when a user or system retrieves users with access to a Power BI dashboard. | Fetching users assigned to a Power BI dashboard; Retrieving users with access to a specific Power BI dashboard |
| Microsoft Fabric activities | Retrieved Power BI dataset users | The activity is recorded when a user or system retrieves users associated with a Power BI dataset. | Fetching users assigned to a Power BI dataset; Retrieving users who have access to a Power BI dataset |
| Microsoft Fabric activities | Retrieved Power BI dataflow users | The activity is recorded when a user or system retrieves users associated with a Power BI dataflow. | Fetching users assigned to a Power BI dataflow; Retrieving users who have access to a Power BI dataflow |
| Microsoft Fabric activities | Retrieved Power BI gateway users | The activity is recorded when a user or system retrieves users associated with a Power BI gateway. | Fetching users assigned to a Power BI gateway; Retrieving users who have access to a Power BI gateway |
| Microsoft Fabric activities | Retrieved Power BI gateway datasource users | The activity is recorded when a user or system retrieves users associated with a Power BI gateway data source. | Fetching users assigned to a Power BI gateway data source; Retrieving users with access to a Power BI gateway data source |
| Microsoft Fabric activities | Retrieved Power BI apps for user | The activity is recorded when a user or system retrieves the apps assigned to a specific Power BI user. | Fetching apps assigned to a specific Power BI user; Retrieving the Power BI apps available to a user |
| Microsoft Fabric activities | Retrieved Power BI groups for user | The activity is recorded when a user or system retrieves Power BI groups associated with a specific user. | Fetching groups associated with a Power BI user; Retrieving Power BI groups a user is part of |
| Microsoft Fabric activities | Retrieved Power BI capacities for user | The activity is recorded when a user or system retrieves the capacities associated with a specific Power BI user. | Fetching Power BI capacities assigned to a user; Retrieving the Power BI capacities a user has access to |
| Microsoft Fabric activities | Retrieved Power BI reports for user | The activity is recorded when a user or system retrieves the reports assigned to a specific Power BI user. | Fetching reports assigned to a specific Power BI user; Retrieving the Power BI reports available to a user |
| Microsoft Fabric activities | Retrieved Power BI dashboards for user | The activity is recorded when a user or system retrieves the dashboards assigned to a specific Power BI user. | Fetching dashboards assigned to a specific Power BI user; Retrieving the Power BI dashboards available to a user |
| Microsoft Fabric activities | Retrieved Power BI datasets for user | The activity is recorded when a user or system retrieves the datasets assigned to a specific Power BI user. | Fetching datasets assigned to a specific Power BI user; Retrieving the Power BI datasets available to a user |
| Microsoft Fabric activities | Retrieved Power BI dataflows for user | The activity is recorded when a user or system retrieves the dataflows associated with a specific Power BI user. | Fetching dataflows assigned to a specific Power BI user; Retrieving the Power BI dataflows available to a user |
| Microsoft Fabric activities | Retrieved Power BI gateways for user | The activity is recorded when a user or system retrieves the gateways associated with a specific Power BI user. | Fetching gateways assigned to a specific Power BI user; Retrieving the Power BI gateways available to a user |
| Microsoft Fabric activities | Retrieved Power BI datasources for user | The activity is recorded when a user or system retrieves the data sources associated with a specific Power BI user. | Fetching data sources assigned to a specific Power BI user; Retrieving the Power BI data sources available to a user |
| Microsoft Fabric activities | Retrieved Power BI subscriptions for dashboard | The activity is recorded when a user or system retrieves Power BI subscriptions for a specific dashboard. | Fetching subscriptions for a Power BI dashboard; Retrieving Power BI subscriptions for a specific dashboard |
| Microsoft Fabric activities | Retrieved Power BI subscriptions for report | The activity is recorded when a user or system retrieves Power BI subscriptions for a specific report. | Fetching subscriptions for a Power BI report; Retrieving Power BI subscriptions for a specific report |
| Microsoft Fabric activities | Retrieved Power BI subscriptions for user | The activity is recorded when a user or system retrieves the Power BI subscriptions for a specific user. | Fetching subscriptions for a specific Power BI user; Retrieving the list of Power BI subscriptions associated with a user |
| Microsoft Fabric activities | Retrieved Power BI unused artifacts | The activity is recorded when a user or system retrieves unused artifacts in Power BI. | Fetching unused Power BI artifacts; Retrieving artifacts that have not been utilized in Power BI |
| Microsoft Fabric activities | Created organizational Power BI content pack | The activity is recorded when an organizational Power BI content pack is created. | Creating a content pack for the organization in Power BI; Setting up an organizational Power BI content pack |
| Microsoft Fabric activities | Created Power BI app | The activity is recorded when a Power BI app is created. | Creating a new Power BI app; Setting up a custom Power BI app |
| Microsoft Fabric activities | Installed Power BI app | The activity is recorded when a user installs a Power BI app. | Installing a Power BI app for personal use; Installing a shared Power BI app |
| Microsoft Fabric activities | Updated Power BI app | The activity is recorded when a Power BI app is updated. | Updating the version or features of a Power BI app; Modifying settings for a Power BI app |
| Microsoft Fabric activities | Updated organization's Power BI settings | The activity is recorded when an organization’s Power BI settings are updated. | Changing the Power BI settings for the entire organization; Modifying the default Power BI settings for users |
| Microsoft Fabric activities | Started Power BI trial | The activity is recorded when a user starts a Power BI trial. | Activating a Power BI trial subscription; Starting a trial period for Power BI |
| Microsoft Fabric activities | Started Power BI extended trial | The activity is recorded when a user starts an extended Power BI trial. | Activating an extended trial period for Power BI; Starting a longer trial for Power BI features |
| Microsoft Fabric activities | Analyzed Power BI dataset | The activity is recorded when a user analyzes a Power BI dataset. | Running an analysis on a Power BI dataset; Exploring and analyzing data within Power BI |
| Microsoft Fabric activities | Retrieved workspaces for tenant | The activity is recorded when a user or system retrieves workspaces for a specific Power BI tenant. | Fetching workspaces associated with a Power BI tenant; Retrieving the list of workspaces for a given Power BI tenant |
| Microsoft Fabric activities | Retrieved workspace by ID for tenant | The activity is recorded when a user or system retrieves a specific workspace by ID for a Power BI tenant. | Fetching a workspace using its unique ID in Power BI; Retrieving a specific workspace for a Power BI tenant by ID |
| Microsoft Fabric activities | Retrieved workspace users for tenant | The activity is recorded when a user or system retrieves the users assigned to workspaces in a Power BI tenant. | Fetching users assigned to workspaces in a Power BI tenant; Retrieving the users of specific Power BI workspaces |
| Microsoft Fabric activities | Retrieved artifacts for tenant | The activity is recorded when a user or system retrieves artifacts for a Power BI tenant. | Fetching artifacts associated with a Power BI tenant; Retrieving the collection of artifacts for a Power BI tenant |
| Microsoft Fabric activities | Retrieved artifact by ID for tenant | The activity is recorded when a user or system retrieves an artifact by its ID for a Power BI tenant. | Fetching a specific artifact by its ID in Power BI; Retrieving a particular artifact for a Power BI tenant using its ID |
| Microsoft Fabric activities | Retrieved artifact users for tenant | The activity is recorded when a user or system retrieves the users associated with a specific artifact in a Power BI tenant. | Fetching users assigned to a particular artifact in Power BI; Retrieving users who have access to a specific artifact in Power BI |
| Microsoft Fabric activities | Retrieved artifact Access by user ID for tenant | The activity is recorded when a user or system retrieves artifact access by user ID for a Power BI tenant. | Fetching artifact access details by user ID in Power BI; Retrieving artifact access information for a specific user |
| Microsoft Fabric activities | Retrieved Tenant Settings for tenant | The activity is recorded when a user or system retrieves the tenant settings for a Power BI tenant. | Fetching tenant-level settings for a Power BI environment; Retrieving configuration settings for the Power BI tenant |
| Microsoft Fabric activities | Deleted workspace using Admin API | The activity is recorded when a workspace is deleted using the Admin API in Power BI. | Deleting a workspace via Power BI Admin API; Removing a Power BI workspace using Admin API |
| Microsoft Fabric activities | Retrieved capacity delegated tenant setting overrides | The activity is recorded when a user or system retrieves the delegated tenant setting overrides for a Power BI capacity. | Fetching delegated tenant settings overrides for a Power BI capacity; Retrieving the overrides for tenant-level settings in a Power BI capacity |
| Microsoft Fabric activities | Updated delegation at capacity-level | The activity is recorded when delegation settings are updated at the capacity level for Power BI. | Changing delegation settings at the Power BI capacity level; Modifying capacity-level delegation for Power BI |
| Microsoft Fabric activities | Updated delegation at workspace-level | The activity is recorded when delegation settings are updated at the workspace level for Power BI. | Changing delegation settings at the Power BI workspace level; Modifying workspace-level delegation for Power BI |
| Microsoft Fabric activities | Updated delegation at domain-level | The activity is recorded when delegation settings are updated at the domain level for Power BI. | Changing delegation settings at the Power BI domain level; Modifying domain-level delegation for Power BI |
| Microsoft Fabric activities | Deleted override at capacity-level | The activity is recorded when a capacity-level override is deleted for Power BI. | Removing capacity-level overrides for Power BI; Deleting a capacity override in Power BI |
| Microsoft Fabric activities | Deleted override at workspace-level | The activity is recorded when a workspace-level override is deleted for Power BI. | Removing workspace-level overrides for Power BI; Deleting a workspace override in Power BI |
| Microsoft Fabric activities | Deleted override at domain-level | The activity is recorded when a domain-level override is deleted for Power BI. | Removing domain-level overrides for Power BI; Deleting a domain override in Power BI |
| Microsoft Fabric activities | Created Power BI gateway | The activity is recorded when a new Power BI gateway is created. | Setting up a new Power BI gateway; Creating a new gateway for Power BI data access |
| Microsoft Fabric activities | Deleted Power BI gateway | The activity is recorded when a Power BI gateway is deleted. | Removing a Power BI gateway; Deleting an existing Power BI gateway |
| Microsoft Fabric activities | Added data source to Power BI gateway | The activity is recorded when a data source is added to a Power BI gateway. | Adding a data source to a Power BI gateway; Configuring a new data source for a Power BI gateway |
| Microsoft Fabric activities | Removed data source from Power BI gateway | The activity is recorded when a data source is removed from a Power BI gateway. | Removing a data source from a Power BI gateway; Deleting a data source configuration from a Power BI gateway |
| Microsoft Fabric activities | Changed Power BI gateway admins | The activity is recorded when the administrators of a Power BI gateway are changed. | Changing the admin settings for a Power BI gateway; Modifying the list of Power BI gateway administrators |
| Microsoft Fabric activities | Changed Power BI gateway data source users | The activity is recorded when the users associated with a Power BI gateway data source are changed. | Modifying users associated with a Power BI gateway data source; Changing the user settings for a Power BI gateway data source |
| Microsoft Fabric activities | Tested Power BI gateway data source connection with single sign on | The activity is recorded when the connection of a Power BI gateway data source is tested using Single Sign-On (SSO). | Testing the data source connection with SSO for Power BI gateway; Verifying a connection to a Power BI gateway data source using SSO |
| Microsoft Fabric activities | Retrieved multiple Power BI gateway clusters | The activity is recorded when multiple Power BI gateway clusters are retrieved. | Fetching multiple gateway clusters in Power BI; Retrieving all the Power BI gateway clusters |
| Microsoft Fabric activities | Retrieved Power BI gateway cluster | The activity is recorded when a specific Power BI gateway cluster is retrieved. | Fetching a specific Power BI gateway cluster; Retrieving details of a single Power BI gateway cluster |
| Microsoft Fabric activities | Retrieved status of Power BI gateway cluster | The activity is recorded when the status of a Power BI gateway cluster is retrieved. | Checking the status of a Power BI gateway cluster; Retrieving the health or status of a Power BI gateway cluster |
| Microsoft Fabric activities | Retrieved member status of Power BI gateway cluster | The activity is recorded when the status of members in a Power BI gateway cluster is retrieved. | Fetching the status of members in a Power BI gateway cluster; Checking member status for Power BI gateway cluster |
| Microsoft Fabric activities | Patched Power BI gateway cluster | The activity is recorded when a patch is applied to a Power BI gateway cluster. | Applying a patch to a Power BI gateway cluster; Patching a Power BI gateway cluster to update its software |
| Microsoft Fabric activities | Updated member of Power BI gateway cluster | The activity is recorded when a member in a Power BI gateway cluster is updated. | Updating a member's settings or status in a Power BI gateway cluster; Modifying a member's role or permissions in a Power BI gateway cluster |
| Microsoft Fabric activities | Deleted Power BI gateway cluster | The activity is recorded when a Power BI gateway cluster is deleted. | Removing a Power BI gateway cluster; Deleting a gateway cluster from Power BI |
| Microsoft Fabric activities | Deleted member of Power BI gateway cluster | The activity is recorded when a member is deleted from a Power BI gateway cluster. | Removing a member from a Power BI gateway cluster; Deleting a member's account or access from a Power BI gateway cluster |
| Microsoft Fabric activities | Added user to Power BI gateway cluster | The activity is recorded when a user is added to a Power BI gateway cluster. | Adding a user to a Power BI gateway cluster; Granting a user access to a Power BI gateway cluster |
| Microsoft Fabric activities | Removed user from Power BI gateway cluster | The activity is recorded when a user is removed from a Power BI gateway cluster. | Removing a user from a Power BI gateway cluster; Revoking a user’s access to a Power BI gateway cluster |
| Microsoft Fabric activities | Initiated Power BI gateway cluster authentication process | The activity is recorded when the authentication process for a Power BI gateway cluster is initiated. | Starting the authentication process for a Power BI gateway cluster; Initiating authentication for a Power BI gateway cluster |
| Microsoft Fabric activities | Retrieved Power BI gateway cluster datasources | The activity is recorded when the data sources for a specific Power BI gateway cluster are retrieved. | Fetching the data sources for a Power BI gateway cluster; Retrieving a list of data sources for a Power BI gateway cluster |
| Microsoft Fabric activities | Retrieved all Power BI gateway cluster datasources | The activity is recorded when all data sources for a Power BI gateway cluster are retrieved. | Retrieving all data sources from a Power BI gateway cluster; Fetching the complete list of data sources from a Power BI gateway cluster |
| Microsoft Fabric activities | Retrieved Power BI gateway cluster datasource | The activity is recorded when a specific data source for a Power BI gateway cluster is retrieved. | Fetching details for a single data source from a Power BI gateway cluster; Retrieving a specific data source from a Power BI gateway cluster |
| Microsoft Fabric activities | Retrieved all supported datasources for Power BI gateway cluster | The activity is recorded when all supported data sources for a Power BI gateway cluster are retrieved. | Fetching all supported data sources for a Power BI gateway cluster; Retrieving the list of supported data sources for a Power BI gateway cluster |
| Microsoft Fabric activities | Retrieved status of Power BI gateway cluster datasource | The activity is recorded when the status of a data source in a Power BI gateway cluster is retrieved. | Checking the status of a specific data source in a Power BI gateway cluster; Retrieving the health or status of a data source for Power BI gateway cluster |
| Microsoft Fabric activities | Created Power BI gateway cluster datasource | The activity is recorded when a new data source is created for a Power BI gateway cluster. | Creating a new data source for a Power BI gateway cluster; Adding a new data source to a Power BI gateway cluster |
| Microsoft Fabric activities | Updated Power BI gateway cluster datasource | The activity is recorded when an existing data source in a Power BI gateway cluster is updated. | Modifying an existing data source for a Power BI gateway cluster; Updating a data source configuration for Power BI gateway cluster |
| Microsoft Fabric activities | Deleted Power BI gateway cluster datasource | The activity is recorded when a data source is deleted from a Power BI gateway cluster. | Removing a data source from a Power BI gateway cluster; Deleting a data source in a Power BI gateway cluster |
| Microsoft Fabric activities | Retrieved list of datasource users for Power BI gateway cluster | The activity is recorded when the list of users for a data source in a Power BI gateway cluster is retrieved. | Retrieving the users associated with a data source in a Power BI gateway cluster; Fetching a list of users who have access to a data source in a Power BI gateway cluster |
| Microsoft Fabric activities | Added user to Power BI gateway cluster datasource | The activity is recorded when a user is added to a data source in a Power BI gateway cluster. | Granting a user access to a data source in a Power BI gateway cluster; Adding a new user to a data source for Power BI gateway cluster |
| Microsoft Fabric activities | Removed user from Power BI gateway cluster datasource | The activity is recorded when a user is removed from a data source in a Power BI gateway cluster. | Revoking a user's access to a data source in a Power BI gateway cluster; Removing a user from a data source for Power BI gateway cluster |
| Microsoft Fabric activities | Updated credentials for Power BI gateway cluster datasource | The activity is recorded when the credentials for a data source in a Power BI gateway cluster are updated. | Modifying the credentials for a Power BI gateway cluster data source; Updating the authentication details for a Power BI gateway cluster data source |
| Microsoft Fabric activities | Retrieved authentication details for Power BI gateway cluster datasource | The activity is recorded when the authentication details for a data source in a Power BI gateway cluster are retrieved. | Fetching authentication details for a Power BI gateway cluster data source; Retrieving the credentials or authentication setup for a data source in Power BI gateway cluster |
| Microsoft Fabric activities | Tested Power BI gateway cluster datasource connection with SSO | The activity is recorded when the connection for a data source in a Power BI gateway cluster is tested using Single Sign-On (SSO). | Testing the connection to a data source in a Power BI gateway cluster with SSO; Verifying the data source connection for a Power BI gateway cluster using SSO |
| Microsoft Fabric activities | Retrieved Power BI gateway tenant policy | The activity is recorded when the tenant policy for a Power BI gateway is retrieved. | Fetching the tenant policy for Power BI gateway; Retrieving the policy settings for Power BI gateway at tenant level |
| Microsoft Fabric activities | Updated Power BI gateway tenant policy | The activity is recorded when the tenant policy for a Power BI gateway is updated. | Modifying the tenant policy for Power BI gateway; Updating the Power BI gateway tenant-level policy |
| Microsoft Fabric activities | Retrieved list of Power BI gateway installer principals | The activity is recorded when the list of Power BI gateway installer principals is retrieved. | Fetching the list of installer principals for Power BI gateway; Retrieving all principals that can install a Power BI gateway |
| Microsoft Fabric activities | Updated list of Power BI gateway installer principals | The activity is recorded when the list of Power BI gateway installer principals is updated. | Modifying the list of principals authorized to install a Power BI gateway; Updating the installer principals for Power BI gateway |
| Microsoft Fabric activities | Retrieved allowed Power BI gateway regions | The activity is recorded when the allowed regions for a Power BI gateway are retrieved. | Fetching the allowed regions for Power BI gateway installation; Retrieving the list of regions where Power BI gateways can be installed |
| Microsoft Fabric activities | Retrieved Power BI gateway tenant keys | The activity is recorded when the tenant keys for a Power BI gateway are retrieved. | Fetching the tenant keys for Power BI gateway; Retrieving the keys for the Power BI gateway tenant |
| Microsoft Fabric activities | Created Power BI gateway tenant key | The activity is recorded when a new tenant key for Power BI gateway is created. | Generating a new tenant key for Power BI gateway; Creating a new gateway tenant key in Power BI |
| Microsoft Fabric activities | Rotated Power BI gateway tenant key | The activity is recorded when the tenant key for Power BI gateway is rotated or replaced. | Rotating the tenant key for Power BI gateway; Replacing the gateway tenant key in Power BI |
| Microsoft Fabric activities | Updated the Power BI gateway | The activity is recorded when an update is applied to a Power BI gateway. | Applying updates to a Power BI gateway; Updating the configuration or version of a Power BI gateway |
| Microsoft Fabric activities | Updated the Power BI datasource | The activity is recorded when an update is applied to a data source within Power BI. | Modifying a Power BI data source; Updating the configuration or settings of a Power BI datasource |
| Microsoft Fabric activities | Binded monikers to Power BI datasources | The activity is recorded when monikers are bound to Power BI datasources for identification or integration purposes. | Binding identifiers (monikers) to a Power BI data source; Associating monikers with Power BI data sources for integration |
| Microsoft Fabric activities | Encrypted credentials for Power BI datasource | The activity is recorded when the credentials for a Power BI data source are encrypted for secure storage and usage. | Encrypting the credentials for a Power BI data source; Securing the credentials for Power BI datasource by encryption |
| Microsoft Fabric activities | Encrypted credentials using Power BI gateway cluster | The activity is recorded when credentials for a Power BI data source are encrypted using a Power BI gateway cluster. | Using Power BI gateway cluster to encrypt data source credentials; Encrypting credentials through a Power BI gateway cluster |
| Microsoft Fabric activities | Reencrypted credentials for Power BI gateway datasource | The activity is recorded when the credentials for a Power BI gateway datasource are re-encrypted. | Re-encrypting credentials for a Power BI datasource; Renewing the encryption for Power BI gateway data source credentials |
| Microsoft Fabric activities | Mapped user principal names for tenant | The activity is recorded when user principal names (UPNs) are mapped to tenants for identification or access purposes in Power BI. | Mapping UPNs to tenant users in Power BI; Associating user principal names with tenants for Power BI access |
| Microsoft Fabric activities | Evaluated diagnostics download for Power BI gateway | The activity is recorded when the diagnostic download feature for Power BI gateway is evaluated or accessed. | Evaluating the diagnostics download for a Power BI gateway; Accessing diagnostic logs or downloads for Power BI gateway |
| Microsoft Fabric activities | Retrieved moniker, data source credentials, and gateway relay information for the artifact engine | The activity is recorded when moniker, data source credentials, and gateway relay information are retrieved for the artifact engine in Power BI. | Retrieving moniker, credentials, and relay info for the artifact engine; Fetching essential data for the artifact engine in Power BI |
| Storage operations | Aborted copying the blob | The activity is recorded when the process of copying a blob is aborted. | Cancelling the blob copy operation; Stopping the process of copying a blob in Power BI |
| Storage operations | Appended the block | The activity is recorded when a block of data is appended to a file or blob. | Appending a block to a blob in storage; Adding additional data to a file or blob in Power BI |
| Storage operations | Appended block from the Url | The activity is recorded when a block of data is appended to a file or blob from a URL. | Appending data to a blob from a URL; Adding blocks to a file from a URL in Power BI |
| Storage operations | Appended data to the File | The activity is recorded when data is appended to a file. | Appending new data to a file in Power BI; Adding data to an existing file in Power BI |
| Storage operations | Checked access to the file or blob | The activity is recorded when access to a file or blob is checked or verified. | Verifying access to a file or blob; Checking permissions for a file or blob in Power BI |
| Storage operations | Copied blob | The activity is recorded when a blob is successfully copied. | Copying a blob from one storage location to another; Duplicating a blob in Power BI storage |
| Storage operations | Created container | The activity is recorded when a new container is created in the storage. | Creating a new storage container; Setting up a container in Power BI storage |
| Storage operations | Created directory | The activity is recorded when a new directory is created in storage. | Creating a directory within a container; Adding a new directory to Power BI storage |
| Storage operations | Created file | The activity is recorded when a new file is created in storage. | Creating a new file in Power BI storage; Setting up a new file for data in Power BI |
| Storage operations | Created file system | The activity is recorded when a new file system is created. | Creating a new file system for managing files; Setting up a new file system in Power BI storage |
| Storage operations | Deleted blob | The activity is recorded when a blob is deleted from storage. | Removing a blob from storage; Deleting a file or blob from Power BI |
| Storage operations | Deleted container | The activity is recorded when a container is deleted in the storage system. | Deleting a storage container in Power BI; Removing an entire container from Power BI storage |
| Storage operations | Deleted file or blob | The activity is recorded when a file or blob is deleted from storage. | Deleting a file or blob from Power BI storage; Removing an object from the blob storage in Power BI |
| Storage operations | Deleted file system | The activity is recorded when a file system is deleted. | Deleting a file system in Power BI storage; Removing an entire file system from Power BI storage |
| Storage operations | Flushed data to the file | The activity is recorded when data is flushed or written to a file in storage. | Writing or flushing data to a file in Power BI storage; Saving data into a file in Power BI |
| Storage operations | Got access control list for file | The activity is recorded when the access control list (ACL) for a file is retrieved. | Getting the access control list for a file in Power BI storage; Fetching the ACL to check permissions on a file in Power BI |
| Storage operations | Got Blob | The activity is recorded when a blob is retrieved from the storage. | Fetching a blob from Power BI storage; Retrieving a blob from the storage system in Power BI |
| Storage operations | Got metadata for the blob | The activity is recorded when metadata for a blob is retrieved. | Getting metadata information for a blob in Power BI storage; Retrieving properties and metadata of a blob from Power BI |
| Storage operations | Got block list | The activity is recorded when the block list for a blob is retrieved. | Fetching the block list for a blob in Power BI storage; Getting the list of blocks from a blob in Power BI |
| Storage operations | Got file or blob properties | The activity is recorded when the properties of a file or blob are retrieved. | Getting properties of a file or blob in Power BI storage; Fetching details about a file or blob in Power BI |
| Storage operations | Got path status | The activity is recorded when the status of a file or blob path is retrieved. | Checking the status of a path in Power BI storage; Retrieving the path status for a file or blob in Power BI |
| Storage operations | Got properties | The activity is recorded when the properties of a file, blob, or container are retrieved. | Getting file or blob properties in Power BI storage; Fetching properties of objects in Power BI storage |
| Error logging | Performed invalid operation | The activity is recorded when an invalid operation is performed in Power BI storage. | Attempting an unsupported or invalid operation in Power BI storage; Performing an incorrect action on a file or blob in Power BI |
| Storage operations | Got lease on blob | The activity is recorded when a lease is obtained on a blob in Power BI storage. | Leasing a blob for exclusive access in Power BI; Getting a lease on a blob to prevent other operations |
| Storage operations | Got lease on container | The activity is recorded when a lease is obtained on a container in Power BI storage. | Obtaining a lease on a container in Power BI storage; Leasing a storage container for exclusive use in Power BI |
| Storage operations | Got lease path | The activity is recorded when a lease is obtained on a path in Power BI storage. | Getting a lease on a specific file or path in Power BI; Leasing a file path in Power BI storage |
| Storage operations | Got list of blobs | The activity is recorded when the list of blobs is retrieved from a storage container. | Getting a list of all blobs in a container in Power BI; Retrieving blob names and metadata from a container |
| Storage operations | Got list file path | The activity is recorded when the list of file paths is retrieved from the file system. | Getting a list of file paths in the Power BI file system; Retrieving all file paths from a directory or container |
| Storage operations | Patched file system | The activity is recorded when a file system is patched or updated in Power BI storage. | Updating or patching the file system in Power BI; Applying a patch to the file system in Power BI storage |
| Storage operations | Put blob | The activity is recorded when a blob is uploaded or stored in the storage system. | Uploading a blob to Power BI storage; Storing data in the form of a blob in Power BI |
| Storage operations | Put blob from url | The activity is recorded when a blob is uploaded from a URL. | Uploading a blob to Power BI storage directly from a URL; Fetching a blob from a URL and storing it in Power BI |
| Storage operations | Put block | The activity is recorded when a block of data is uploaded or stored in a blob. | Uploading a block to a blob in Power BI storage; Storing data blocks in Power BI storage |
| Storage operations | Put block list | The activity is recorded when a list of blocks is uploaded to a blob. | Uploading a list of blocks to a blob in Power BI storage; Pushing a block list to a blob in Power BI |
| Storage operations | Queried blob content | The activity is recorded when the content of a blob is queried or retrieved. | Querying the content of a blob in Power BI storage; Retrieving the data or content stored in a blob in Power BI |
| Storage operations | Read file or get blob | The activity is recorded when a file or blob is read or fetched from storage. | Reading the contents of a file from Power BI storage; Fetching a blob from Power BI storage |
| Storage operations | Renamed file or directory | The activity is recorded when a file or directory is renamed. | Renaming a file or directory in Power BI storage; Changing the name of a file or folder in Power BI |
| Storage operations | Restored container | The activity is recorded when a container is restored after deletion or loss. | Restoring a deleted container in Power BI storage; Recovering a container in Power BI |
| Storage operations | Set access to file | The activity is recorded when access permissions to a file are set or modified. | Setting access control for a file in Power BI; Changing access rights for a file in Power BI storage |
| Storage operations | Set blob expiry | The activity is recorded when an expiry date is set for a blob. | Setting an expiry date for a blob in Power BI; Configuring expiration for a blob stored in Power BI |
| Storage operations | Set blob metadata | The activity is recorded when metadata is set for a blob. | Adding or modifying metadata for a blob in Power BI; Setting metadata properties for a blob in Power BI storage |
| Storage operations | Set blob properties | The activity is recorded when properties for a blob are set or updated. | Changing properties for a blob in Power BI; Configuring blob properties in Power BI storage |
| Storage operations | Set blob tier | The activity is recorded when the storage tier of a blob is set or updated. | Setting the tier for a blob in Power BI storage; Configuring the blob's storage class or tier |
| Storage operations | Set container ACL | The activity is recorded when an access control list (ACL) is set for a container. | Setting the ACL for a container in Power BI storage; Modifying the access control list of a storage container |
| Storage operations | Set container metadata | The activity is recorded when metadata is set for a container. | Adding metadata to a container in Power BI storage; Modifying container-level metadata in Power BI |
| Storage operations | Set file properties | The activity is recorded when properties for a file are set or updated. | Changing properties for a file in Power BI storage; Modifying file properties in Power BI |
| Error logging | Performed uncategorized operation | The activity is recorded when an operation does not fall into a specific category. | Executing an unsupported or unclassified operation in Power BI; Performing an unknown action in Power BI storage |
| Storage operations | Got undeleted blob | The activity is recorded when a previously deleted blob is retrieved or found. | Getting a blob that was thought to be deleted in Power BI; Recovering an undeleted blob from Power BI storage |
| Error logging | Got unsupported blob account operations | The activity is recorded when unsupported operations are attempted on a blob account. | Attempting unsupported operations on a blob account in Power BI; Executing invalid operations on a blob account in Power BI |
| Error logging | Got unsupported blob container operations | The activity is recorded when unsupported operations are attempted on a blob container. | Attempting unsupported operations on a blob container in Power BI; Performing invalid actions on a blob container |
| Error logging | Got unsupported blob operations | The activity is recorded when unsupported operations are attempted on a blob. | Attempting unsupported operations on a blob in Power BI; Performing invalid actions on a blob |
| Error logging | Got unsupported file system operations | The activity is recorded when unsupported operations are attempted on the file system. | Attempting unsupported file system operations in Power BI; Performing invalid file system actions in Power BI |
| Storage operations | Added file to the shortcut | The activity is recorded when a file is added to a shortcut in Power BI. | Adding a file to a shortcut in Power BI; Linking a file to a shortcut for easier access in Power BI |
| Storage operations | Created shortcut | The activity is recorded when a shortcut is created in Power BI storage. | Creating a shortcut to a file or directory in Power BI; Setting up a shortcut to a file in Power BI storage |
| Storage operations | Deleted shortcut | The activity is recorded when a shortcut is deleted from Power BI storage. | Deleting a shortcut from Power BI storage; Removing a shortcut to a file or folder in Power BI |
| Storage operations | Got shortcut | The activity is recorded when a shortcut is retrieved or accessed from Power BI storage. | Getting a shortcut to a file or folder in Power BI; Accessing a shortcut in Power BI storage |
| Artifact management | Got index to shortcut artifact | The activity is recorded when an index is retrieved for a shortcut artifact. | Retrieving the index for a shortcut artifact in Power BI; Getting index details for a shortcut stored in Power BI |
| Storage operations | Removed shortcut | The activity is recorded when a shortcut is removed from Power BI storage. | Deleting a shortcut from Power BI storage; Removing a file shortcut in Power BI |
| Storage operations | Search for shortcut | The activity is recorded when a search is performed for a shortcut in Power BI storage. | Searching for a specific shortcut in Power BI storage; Looking up a shortcut for a file or directory in Power BI |
| Artifact management | Got an artifact's roles | The activity is recorded when the roles assigned to an artifact are retrieved. | Fetching the roles associated with an artifact in Power BI; Retrieving role information for a specific artifact |
| Artifact management | Updated an artifact's roles | The activity is recorded when roles assigned to an artifact are updated. | Modifying roles for an artifact in Power BI; Changing user roles on a specific artifact in Power BI |
| Artifact management | Got universal security changes in an artifact | The activity is recorded when universal security changes are made to an artifact. | Fetching universal security changes for an artifact in Power BI; Reviewing changes to security settings of an artifact |
| Artifact management | Got roles a user has in an artifact | The activity is recorded when the roles assigned to a user for an artifact are retrieved. | Getting the roles a user holds for an artifact in Power BI; Retrieving user role information for an artifact |
| Artifact management | Got metadata for a role | The activity is recorded when metadata related to a specific role is retrieved. | Fetching metadata for a specific role in Power BI; Getting role metadata for access management in Power BI |
| Dataset management | Set scheduled refresh on Power BI dataset | The activity is recorded when a scheduled refresh is set on a Power BI dataset. | Configuring scheduled refresh for a Power BI dataset; Setting up an automatic refresh schedule for a dataset |
| App management | Unpublished Power BI app | The activity is recorded when a Power BI app is unpublished. | Unpublishing an app in Power BI; Removing a published app from Power BI |
| Content management | Deleted organizational Power BI content pack | The activity is recorded when an organizational Power BI content pack is deleted. | Deleting an organizational content pack in Power BI; Removing a content pack from Power BI |
| Dashboard management | Renamed Power BI dashboard | The activity is recorded when a Power BI dashboard is renamed. | Renaming a Power BI dashboard; Changing the name of a dashboard in Power BI |
| Dataset management | Got Power BI dataset info | The activity is recorded when information about a Power BI dataset is retrieved. | Getting information about a Power BI dataset; Fetching metadata and details for a Power BI dataset |
| Dataset management | Edited Power BI dataset | The activity is recorded when a Power BI dataset is edited. | Modifying a Power BI dataset; Updating the schema or data source of a Power BI dataset |
| Capacity management | Updated capacity display name | The activity is recorded when the display name of a Power BI capacity is updated. | Changing the display name of a Power BI capacity; Renaming a Power BI capacity |
| Capacity management | Changed capacity state | The activity is recorded when the state of a Power BI capacity is changed. | Modifying the state of a Power BI capacity; Enabling or disabling a Power BI capacity |
| Capacity management | Updated capacity admin | The activity is recorded when the admin of a Power BI capacity is updated. | Changing the admin of a Power BI capacity; Assigning a new admin to a Power BI capacity |
| Capacity management | Changed capacity user assignment | The activity is recorded when the user assignment for a Power BI capacity is changed. | Modifying user assignments for a Power BI capacity; Changing the users assigned to a Power BI capacity |
| Workspace management | Migrated workspace to a capacity | The activity is recorded when a Power BI workspace is migrated to a capacity. | Migrating a workspace to a different Power BI capacity; Moving a workspace into a capacity for enhanced performance |
| Workspace management | Removed workspace from a capacity | The activity is recorded when a Power BI workspace is removed from a capacity. | Removing a workspace from a Power BI capacity; Unassigning a workspace from a specific capacity |
| Workspace management | Retrieved Power BI workspaces | The activity is recorded when Power BI workspaces are retrieved. | Fetching a list of workspaces in Power BI; Retrieving all workspaces available in Power BI |
| Report management | Shared Power BI report | The activity is recorded when a Power BI report is shared. | Sharing a Power BI report with others; Distributing a Power BI report to a set of users |
| Embedding | Generated Power BI Embed Token | The activity is recorded when an embed token for Power BI is generated, allowing embedding reports or dashboards in other applications. | Creating an embed token for a Power BI report; Generating an embed token to integrate Power BI content in an external application |
| Embedding | Generated a Power BI Multi Resource Embed Token | The activity is recorded when a multi-resource embed token for Power BI is generated, enabling embedding content from multiple resources. | Generating a multi-resource embed token for Power BI content; Creating an embed token that works across several Power BI resources |
| Dataset management | Discovered Power BI dataset data sources | The activity is recorded when the data sources associated with a Power BI dataset are discovered. | Fetching the data sources linked to a Power BI dataset; Listing data sources for a specific Power BI dataset |
| Dataset management | Discovered data sources for a user and matching data source reference | The activity is recorded when the data sources available to a user and their corresponding references are discovered. | Retrieving the data sources available to a specific Power BI user; Listing data sources for a user and matching references in Power BI |
| Dataset management | Updated Power BI dataset data sources | The activity is recorded when the data sources associated with a Power BI dataset are updated. | Updating the data sources for a Power BI dataset; Modifying the connections for a dataset in Power BI |
| Dataset management | Requested Power BI dataset refresh | The activity is recorded when a dataset refresh request is made in Power BI. | Triggering a refresh for a Power BI dataset; Requesting the refresh of a Power BI dataset |
| Dataset management | Requested Power BI dataset refresh cancellation | The activity is recorded when a dataset refresh request in Power BI is canceled. | Canceling a dataset refresh operation in Power BI; Stopping the refresh of a Power BI dataset |
| Gateway management | Binded Power BI dataset to gateway | The activity is recorded when a Power BI dataset is bound to a gateway for connecting to data sources. | Binding a dataset to a Power BI gateway; Connecting a dataset to a gateway for data access |
| Dataset management | Changed Power BI dataset connections | The activity is recorded when the connections of a Power BI dataset are modified. | Modifying the data source connections for a Power BI dataset; Updating the connection settings for a Power BI dataset |
| Dataset management | Took over Power BI dataset | The activity is recorded when ownership of a Power BI dataset is taken over by another user or service. | Taking ownership of a Power BI dataset; Transferring control of a Power BI dataset to another user |
| Gateway management | Updated Power BI gateway data source credentials | The activity is recorded when the credentials for a Power BI gateway data source are updated. | Changing the credentials for a Power BI gateway data source; Updating authentication details for a Power BI data source |
| File management | Imported file to Power BI | The activity is recorded when a file is imported into Power BI. | Importing a CSV or Excel file into Power BI; Uploading a file into Power BI for analysis |
| Dataset management | Updated Power BI dataset parameters | The activity is recorded when the parameters of a Power BI dataset are updated. | Modifying the parameters of a Power BI dataset; Updating filter settings or dynamic parameters for a dataset |
| Dataset management | Requested synchronization of the read replicas of a scale-out-enabled Power BI dataset with its read/write replica | The activity is recorded when synchronization between read replicas and the main read/write replica of a scale-out-enabled Power BI dataset is requested. | Synchronizing the replicas for a scale-out-enabled Power BI dataset; Requesting sync between read and write replicas in Power BI |
| Dataset management | Requested the sync status of a scale-out-enabled Power BI dataset | The activity is recorded when the sync status of a scale-out-enabled Power BI dataset is requested. | Checking the synchronization status of a scale-out-enabled dataset; Retrieving the sync status for a dataset with multiple replicas |
| Dataset management | Updated the properties of a Power BI dataset | The activity is recorded when the properties of a Power BI dataset are updated. | Modifying the properties or settings for a Power BI dataset; Updating metadata or configuration for a Power BI dataset |
| Dataflow management | Generated Power BI dataflow SAS token | The activity is recorded when a SAS (Shared Access Signature) token for a Power BI dataflow is generated. | Creating a SAS token to provide access to a Power BI dataflow; Generating an access token for a Power BI dataflow |
| Dataflow management | Created Power BI dataflow | The activity is recorded when a new Power BI dataflow is created. | Creating a new Power BI dataflow for data processing; Setting up a dataflow to transform and load data in Power BI |
| Dataflow management | Updated Power BI dataflow | The activity is recorded when a Power BI dataflow is updated. | Modifying an existing Power BI dataflow; Changing the structure or data sources of a Power BI dataflow |
| Dataflow management | Deleted Power BI dataflow | The activity is recorded when a Power BI dataflow is deleted. | Deleting a Power BI dataflow from the workspace; Removing an existing dataflow in Power BI |
| Dataflow management | Cleaned up Power BI dataflow | The activity is recorded when cleanup operations are performed on a Power BI dataflow. | Performing cleanup for a Power BI dataflow; Removing unnecessary transformations or datasets from a Power BI dataflow |
| Dataflow management | Viewed Power BI dataflow | The activity is recorded when a Power BI dataflow is viewed or previewed. | Viewing the details of a Power BI dataflow; Previewing the data transformation steps in a Power BI dataflow |
| Dataflow management | Exported Power BI dataflow | The activity is recorded when a Power BI dataflow is exported to a file or external system. | Exporting a Power BI dataflow for backup or sharing; Saving a Power BI dataflow to an external location |
| Dataflow management | Set scheduled refresh on Power BI dataflow | The activity is recorded when a scheduled refresh for a Power BI dataflow is set up. | Configuring a scheduled refresh for a Power BI dataflow; Setting the refresh frequency for a Power BI dataflow |
| Dataflow management | Requested Power BI dataflow refresh | The activity is recorded when a refresh request for a Power BI dataflow is made. | Initiating a manual refresh for a Power BI dataflow; Requesting a dataflow refresh to update data in Power BI |
| Dataflow management | Received Power BI dataflow secret from Key Vault | The activity is recorded when a Power BI dataflow secret is retrieved from a Key Vault for authentication or configuration. | Retrieving credentials or keys for a Power BI dataflow from Key Vault; Accessing a Power BI dataflow secret for security purposes |
| Dataflow management | Attached dataflow storage account | The activity is recorded when a storage account is attached to a Power BI dataflow. | Attaching a storage account to a Power BI dataflow for data storage; Linking a storage account to a Power BI dataflow for better data management |
| Dataflow management | Migrated dataflow storage location | The activity is recorded when the storage location for a Power BI dataflow is migrated. | Changing the storage location for a Power BI dataflow; Migrating Power BI dataflow data to a new storage location |
| Dataflow management | Updated dataflow storage assignment permissions | The activity is recorded when permissions related to the storage assignment of a Power BI dataflow are updated. | Modifying the permissions for storage accounts attached to Power BI dataflows; Updating storage access rights for a Power BI dataflow |
| Dataflow management | Set dataflow storage location for workspace | The activity is recorded when the dataflow storage location for a Power BI workspace is set. | Defining the storage location for dataflows within a Power BI workspace; Assigning a specific storage location to store Power BI dataflow data |
| Dataflow management | Took ownership of Power BI dataflow | The activity is recorded when a user takes ownership of a Power BI dataflow. | Taking ownership of a Power BI dataflow to manage its configuration; Assuming responsibility for the management of a Power BI dataflow |
| Dataflow management | Canceled Power BI dataflow refresh | The activity is recorded when a Power BI dataflow refresh operation is canceled. | Stopping an in-progress refresh operation for a Power BI dataflow; Canceling the refresh process for a Power BI dataflow |
| Subscription management | Created Power BI email subscription | The activity is recorded when a new email subscription for Power BI content is created. | Setting up a new email subscription for a Power BI report or dashboard; Creating a subscription to send Power BI reports via email |
| Subscription management | Updated Power BI email subscription | The activity is recorded when an existing Power BI email subscription is updated. | Changing the configuration of an existing Power BI email subscription; Modifying the recipients or frequency of a Power BI email subscription |
| Subscription management | Deleted Power BI email subscription | The activity is recorded when a Power BI email subscription is deleted. | Removing an email subscription for Power BI content; Deleting a scheduled email report subscription in Power BI |
| Subscription management | Ran Power BI email subscription | The activity is recorded when a Power BI email subscription is run to deliver reports or dashboards. | Running a Power BI email subscription to send reports; Triggering the execution of an email subscription for Power BI content |
| Subscription management | Took over Power BI email subscription | The activity is recorded when ownership of a Power BI email subscription is taken over by another user. | Taking over the management of a Power BI email subscription; Transferring control of an email subscription for Power BI reports |
| Miscellaneous | Generated screenshot | The activity is recorded when a screenshot is generated, often for sharing or documentation purposes. | Capturing a screenshot of a Power BI report; Generating an image snapshot of Power BI content |
| Content management | Created Power BI folder | The activity is recorded when a new folder is created within Power BI for organizing content. | Creating a new folder to organize Power BI reports; Setting up a folder for Power BI dashboards |
| Content management | Deleted Power BI folder | The activity is recorded when a folder in Power BI is deleted. | Deleting an existing folder from Power BI; Removing a folder used to organize Power BI reports |
| Content management | Updated Power BI folder | The activity is recorded when a folder within Power BI is updated, such as renaming or reconfiguring its settings. | Modifying the name or configuration of a Power BI folder; Updating settings for a folder containing Power BI reports |
| Content management | Added Power BI folder access | The activity is recorded when access to a Power BI folder is granted to a user or group. | Granting access to a Power BI folder to a specific user; Adding a user or group to a Power BI folder's access control list |
| Content management | Deleted Power BI folder access | The activity is recorded when access to a Power BI folder is revoked from a user or group. | Removing a user from accessing a Power BI folder; Revoking folder access for a Power BI report folder |
| Content management | Updated Power BI folder access | The activity is recorded when the access settings for a Power BI folder are updated. | Changing the access permissions for a Power BI folder; Modifying user or group access rights to a Power BI folder |
| Interaction management | Posted Power BI comment | The activity is recorded when a comment is posted on a Power BI report, dataset, or dashboard. | Adding a comment to a Power BI report; Posting feedback or notes on a Power BI dataset |
| Interaction management | Deleted Power BI comment | The activity is recorded when a comment on a Power BI report, dataset, or dashboard is deleted. | Deleting a previously posted comment on a Power BI report; Removing feedback on a Power BI dataset |
| Report usage | Analyzed Power BI report | The activity is recorded when a Power BI report is analyzed by a user. | Reviewing the data and visualizations in a Power BI report; Performing analysis or interpretation of a Power BI report |
| Report usage | Viewed Power BI usage metrics | The activity is recorded when a user views the usage metrics for a Power BI report or dashboard. | Viewing the performance and usage statistics of a Power BI report; Analyzing the number of views and interactions for a Power BI dashboard |
| Dataset management | Edited Power BI dataset endorsement | The activity is recorded when the endorsement of a Power BI dataset is edited. | Changing the endorsement status of a Power BI dataset; Modifying the dataset endorsement to promote or demote it |
| Dataflow management | Edited Power BI dataflow endorsement | The activity is recorded when the endorsement of a Power BI dataflow is edited. | Updating the endorsement for a Power BI dataflow; Changing the endorsement status of a Power BI dataflow to reflect its quality |
| Report management | Edited Power BI report endorsement | The activity is recorded when the endorsement of a Power BI report is edited. | Modifying the endorsement status of a Power BI report; Promoting or demoting the endorsement of a Power BI report |
| App management | Edited Power BI app endorsement | The activity is recorded when the endorsement of a Power BI app is edited. | Changing the endorsement of a Power BI app; Updating the status of a Power BI app endorsement |
| Workspace management | Retrieved list of modified workspaces in Power BI tenant | The activity is recorded when a list of modified workspaces in a Power BI tenant is retrieved. | Fetching a list of workspaces that have been recently modified in Power BI; Getting updated information about modified workspaces in a tenant |
| Scan operations | Sent a scan request in Power BI tenant | The activity is recorded when a scan request is sent in a Power BI tenant for data validation or analysis. | Requesting a scan operation to analyze Power BI data; Initiating a scan process in Power BI tenant |
| Scan operations | Retrieved scan result in Power BI tenant | The activity is recorded when the result of a scan request in a Power BI tenant is retrieved. | Fetching the results of a scan in Power BI; Viewing the scan results after a data validation in Power BI tenant |
| Snapshot management | Inserted snapshot for user in Power BI tenant | The activity is recorded when a snapshot is inserted for a user in the Power BI tenant. | Inserting a snapshot of data or report for a specific user; Adding a snapshot to a user's Power BI environment |
| Snapshot management | Updated snapshot for user in Power BI tenant | The activity is recorded when a snapshot for a user in the Power BI tenant is updated. | Updating an existing snapshot for a Power BI user; Modifying the data snapshot for a user in Power BI |
| Snapshot management | Deleted snapshot for user in Power BI tenant | The activity is recorded when a snapshot for a user in the Power BI tenant is deleted. | Deleting a previously stored snapshot for a user; Removing a user-specific snapshot from Power BI |
| Snapshot management | Retrieved snapshots for user in Power BI tenant | The activity is recorded when the list of snapshots for a user in the Power BI tenant is retrieved. | Fetching the available snapshots for a Power BI user; Viewing the history of snapshots for a specific user in Power BI |
| Access management | Updated Power BI access request settings | The activity is recorded when the access request settings for Power BI are updated. | Changing the settings for access requests in Power BI; Updating user permissions or approval settings for accessing Power BI content |
| Model settings | Updated Power BI discoverable model settings | The activity is recorded when the discoverable model settings in Power BI are updated. | Updating the settings that control which models are discoverable in Power BI; Modifying the visibility of Power BI datasets and models for users |
| Content certification | Edited Power BI certification permission | The activity is recorded when the certification permission for Power BI content is edited. | Changing the permissions for certifying a Power BI report or dataset; Updating the certification settings for a Power BI content item |
| Datasource management | Took over a Power BI datasource | The activity is recorded when a user takes over the management of a Power BI data source. | Assuming responsibility for managing a Power BI datasource; Taking control over the configuration and maintenance of a Power BI datasource |
| Capacity management | Updated capacity custom settings | The activity is recorded when custom settings for Power BI capacity are updated. | Modifying custom settings for Power BI capacity; Updating configurations related to Power BI service capacity |
| Workspace management | Created workspace for Power BI template app | The activity is recorded when a new workspace is created for a Power BI template app. | Setting up a workspace for a Power BI template app; Creating a dedicated workspace for managing Power BI template content |
| Workspace management | Deleted workspace for Power BI template app | The activity is recorded when a workspace for a Power BI template app is deleted. | Deleting a workspace used for a Power BI template app; Removing a Power BI template app workspace from the tenant |
| Template app management | Updated settings for Power BI template app | The activity is recorded when settings for a Power BI template app are updated. | Changing configuration settings for a Power BI template app; Modifying parameters or settings for a Power BI template app |
| Template app management | Updated testing permissions for Power BI template app | The activity is recorded when testing permissions for a Power BI template app are updated. | Changing permissions for testing a Power BI template app; Modifying user access for testing a Power BI template app |
| Template app management | Created Power BI template app | The activity is recorded when a new Power BI template app is created. | Creating a new Power BI template app; Developing and launching a Power BI template app |
| Template app management | Deleted Power BI template app | The activity is recorded when a Power BI template app is deleted. | Deleting a Power BI template app from the tenant; Removing a Power BI template app and its components |
| Template app management | Promoted Power BI template app | The activity is recorded when a Power BI template app is promoted. | Changing the status of a Power BI template app to promoted; Promoting a Power BI template app to be used across the organization |
| Template app management | Installed Power BI template app | The activity is recorded when a Power BI template app is installed. | Installing a Power BI template app to a workspace; Deploying a Power BI template app for use |
| Template app management | Updated parameters for installed Power BI template app | The activity is recorded when parameters for an installed Power BI template app are updated. | Modifying parameters or configurations of an installed Power BI template app; Updating the settings of an installed Power BI template app |
| Template app management | Created install ticket for installing Power BI template app | The activity is recorded when an install ticket for a Power BI template app is created. | Creating a request or ticket to install a Power BI template app; Logging an install request for a Power BI template app |
| Custom visual management | Updated an organizational custom visual | The activity is recorded when an organizational custom visual is updated. | Modifying the settings or configuration of an organizational custom visual; Updating the custom visual used across the organization |
| Custom visual management | Created an organizational custom visual | The activity is recorded when an organizational custom visual is created. | Creating a new custom visual for use within the organization; Developing and adding a new custom visual to the Power BI tenant |
| Custom visual management | Deleted an organizational custom visual | The activity is recorded when an organizational custom visual is deleted. | Removing an organizational custom visual from Power BI; Deleting a custom visual from the organization's Power BI environment |
| Custom visual integration | Custom visual requested Azure AD access token | The activity is recorded when a custom visual requests an Azure AD access token. | A custom visual requests an access token from Azure Active Directory; Requesting authentication for a custom visual using Azure AD token |
| Custom visual integration | Custom visual requested Office Web Apps access token | The activity is recorded when a custom visual requests an Office Web Apps access token. | A custom visual requests an access token from Office Web Apps; Requesting Office Web Apps authentication for a custom visual |
| External app integration | Connected to Power BI dataset from external app | The activity is recorded when an external app connects to a Power BI dataset. | Establishing a connection between an external application and a Power BI dataset; Connecting a third-party app to a Power BI dataset |
| External app integration | Created Power BI dataset from external app | The activity is recorded when a Power BI dataset is created from an external app. | Creating a Power BI dataset from an external application; Importing data from an external app to create a Power BI dataset |
| External app integration | Deleted Power BI dataset from external app | The activity is recorded when a Power BI dataset is deleted from an external app. | Removing a Power BI dataset created from an external app; Deleting a dataset linked to an external application from Power BI |
| External app integration | Edited Power BI dataset from external app | The activity is recorded when a Power BI dataset is edited from an external app. | Modifying a Power BI dataset from an external application; Editing the configuration of a Power BI dataset created from an external app |
| External app integration | Requested Power BI dataset refresh from external app | The activity is recorded when a Power BI dataset refresh is requested from an external app. | Requesting a refresh for a Power BI dataset through an external app; Triggering a Power BI dataset refresh via an external application |
| Storage management | Requested SAS token for Power BI storage | The activity is recorded when an SAS token for Power BI storage is requested. | Requesting a Shared Access Signature (SAS) token for Power BI storage; Generating an SAS token to access data stored in Power BI |
| External app integration | Edited Analysis Services Server Properties on Power BI workspace from external app | The activity is recorded when Analysis Services server properties are edited on a Power BI workspace from an external app. | Modifying server properties for Analysis Services from an external app; Changing configuration of Power BI workspace server properties |
| External app integration | Exported Power BI dataset tables to OneLake from external app | The activity is recorded when Power BI dataset tables are exported to OneLake from an external app. | Exporting dataset tables from Power BI to OneLake using an external application; Transferring Power BI dataset tables to OneLake through an external app |
| Storage management | Requested account key for Power BI storage | The activity is recorded when an account key for Power BI storage is requested. | Requesting an account key for accessing Power BI storage; Generating an account key for Power BI storage access |
| Deployment pipeline management | Assigned a workspace to a deployment pipeline | The activity is recorded when a workspace is assigned to a deployment pipeline in Power BI. | Assigning a workspace to a deployment pipeline for staging; Linking a Power BI workspace to a deployment pipeline |
| Deployment pipeline management | Removed a workspace from a deployment pipeline | The activity is recorded when a workspace is removed from a deployment pipeline in Power BI. | Removing a workspace from a deployment pipeline; Unlinking a workspace from a deployment pipeline |
| Deployment pipeline management | Deleted deployment pipeline | The activity is recorded when a deployment pipeline is deleted in Power BI. | Deleting an entire deployment pipeline; Removing a deployment pipeline from the Power BI tenant |
| Deployment pipeline management | Created deployment pipeline | The activity is recorded when a new deployment pipeline is created in Power BI. | Creating a new deployment pipeline for Power BI; Setting up a new deployment pipeline for managing Power BI artifacts |
| Deployment pipeline management | Deployed to a pipeline stage | The activity is recorded when a Power BI artifact is deployed to a stage within a deployment pipeline. | Deploying a Power BI report to a specific stage in the pipeline; Pushing Power BI artifacts to a deployment pipeline stage |
| Deployment pipeline management | Updated deployment pipeline configuration | The activity is recorded when the configuration of a deployment pipeline is updated in Power BI. | Modifying the configuration settings of a Power BI deployment pipeline; Changing deployment pipeline configuration parameters |
| Deployment pipeline management | Updated deployment pipeline access | The activity is recorded when access to a deployment pipeline is updated in Power BI. | Changing user permissions for a deployment pipeline; Updating access control settings for a Power BI deployment pipeline |
| Deployment pipeline management | Deleted deployment pipeline access | The activity is recorded when access to a deployment pipeline is deleted in Power BI. | Removing user access to a Power BI deployment pipeline; Revoking permissions for a Power BI deployment pipeline |
| Deployment pipeline management | Updated deployment pipeline | The activity is recorded when a deployment pipeline is updated in Power BI. | Modifying the settings or structure of a deployment pipeline; Updating deployment pipeline settings to accommodate new Power BI artifacts |
| External resource management | Added external resource | The activity is recorded when an external resource is added to a Power BI workspace or artifact. | Adding an external data source or resource to a Power BI workspace; Linking external resources to Power BI artifacts |
| External resource management | Added link to external resource | The activity is recorded when a link to an external resource is added to a Power BI workspace or artifact. | Adding a hyperlink to an external resource in Power BI; Linking external resources to Power BI reports or dashboards |
| External resource management | Deleted link to external resource | The activity is recorded when a link to an external resource is deleted from a Power BI workspace or artifact. | Removing a link to an external resource from Power BI; Deleting a hyperlink pointing to an external resource |
| Data management | Updated featured tables | The activity is recorded when featured tables are updated in Power BI. | Changing the list of featured tables in a Power BI report; Updating which tables are highlighted as featured in a Power BI dataset |
| Security and compliance | Applied sensitivity label to Power BI artifact | The activity is recorded when a sensitivity label is applied to a Power BI artifact. | Applying a data sensitivity label to a Power BI report or dataset; Labeling Power BI artifacts with appropriate sensitivity classification |
| Security and compliance | Changed sensitivity label for Power BI artifact | The activity is recorded when the sensitivity label for a Power BI artifact is changed. | Modifying the sensitivity label on a Power BI report; Changing the sensitivity classification of a Power BI dataset |
| Security and compliance | Deleted sensitivity label from Power BI artifact | The activity is recorded when a sensitivity label is removed from a Power BI artifact. | Removing the sensitivity label from a Power BI dataset or report; Deleting the data sensitivity classification from a Power BI artifact |
| Power BI scorecard management | Created a Power BI scorecard goal | The activity is recorded when a new scorecard goal is created in Power BI. | Creating a new goal within a Power BI scorecard; Defining a new key performance indicator (KPI) in a Power BI scorecard |
| Power BI scorecard management | Created a Power BI goal value | The activity is recorded when a new goal value is created for a Power BI scorecard goal. | Creating a value for a goal in a Power BI scorecard; Defining specific goal values to track performance in a Power BI scorecard |
| Power BI scorecard management | Created a Power BI scorecard | The activity is recorded when a Power BI scorecard is created. | Creating a new Power BI scorecard to track business metrics; Building a new scorecard for performance tracking in Power BI |
| Power BI scorecard management | Deleted Power BI goal | The activity is recorded when a Power BI goal is deleted. | Deleting a goal from a Power BI scorecard; Removing a key performance indicator (KPI) from a Power BI scorecard |
| Power BI scorecard management | Deleted current value connection of Power BI goal | The activity is recorded when the current value connection for a Power BI goal is deleted. | Removing the current value connection from a Power BI goal; Deleting the link between a Power BI goal and its current value |
| Power BI scorecard management | Deleted target value connection of Power BI goal | The activity is recorded when the target value connection for a Power BI goal is deleted. | Removing the target value connection from a Power BI goal; Deleting the link between a Power BI goal and its target value |
| Power BI scorecard management | Deleted Power BI goal value | The activity is recorded when a Power BI goal value is deleted. | Deleting a goal value from a Power BI scorecard; Removing a performance tracking value from a Power BI scorecard goal |
| Power BI content management | Deleted Power BI note | The activity is recorded when a Power BI note is deleted. | Removing a note from a Power BI report or dashboard; Deleting user-added notes on Power BI artifacts |
| Power BI scorecard management | Deleted Power BI scorecard | The activity is recorded when a Power BI scorecard is deleted. | Deleting an entire Power BI scorecard; Removing a scorecard from a Power BI workspace |
| Power BI scorecard management | Retrieved Power BI goal | The activity is recorded when a Power BI goal is retrieved. | Fetching the details of a specific Power BI goal; Retrieving a key performance indicator (KPI) from a Power BI scorecard |
| Power BI scorecard management | Retrieved goals of Power BI scorecard | The activity is recorded when all goals of a Power BI scorecard are retrieved. | Fetching all goals associated with a Power BI scorecard; Retrieving all KPIs from a Power BI scorecard |
| Power BI scorecard management | Retrieved Power BI goal value | The activity is recorded when a Power BI goal value is retrieved. | Fetching the value of a specific Power BI goal; Retrieving the performance value associated with a goal in Power BI |
| Power BI scorecard management | Retrieved multiple Power BI goal values | The activity is recorded when multiple Power BI goal values are retrieved. | Fetching multiple goal values from a Power BI scorecard; Retrieving a set of performance metrics related to several goals |
| Power BI refresh management | Retrieved Power BI refresh history | The activity is recorded when the refresh history of a Power BI dataset or artifact is retrieved. | Fetching the refresh history of a Power BI report; Retrieving the update history of a Power BI dataset |
| Power BI scorecard management | Retrieved Power BI scorecard | The activity is recorded when a Power BI scorecard is retrieved. | Fetching details of a Power BI scorecard; Retrieving a specific scorecard for performance tracking |
| Power BI scorecard management | Retrieved Power BI scorecard by using report ID | The activity is recorded when a Power BI scorecard is retrieved using a report ID. | Retrieving a Power BI scorecard by its associated report ID; Accessing a Power BI scorecard through a unique report identifier |
| Power BI scorecard management | Retrieved multiple Power BI scorecards | The activity is recorded when multiple Power BI scorecards are retrieved. | Fetching multiple scorecards from a Power BI workspace; Retrieving several scorecards for performance tracking in Power BI |
| Power BI content management | Inserted Power BI note | The activity is recorded when a Power BI note is inserted into an artifact. | Adding a note to a Power BI report or dashboard; Inserting user-generated notes on Power BI artifacts |
| Power BI scorecard management | Patched Power BI goal | The activity is recorded when a Power BI goal is patched or updated. | Modifying the details of a specific Power BI goal; Updating a key performance indicator (KPI) in a Power BI scorecard |
| Power BI scorecard management | Patched Power BI goal value | The activity is recorded when a Power BI goal value is patched or updated. | Modifying the value associated with a Power BI goal; Updating the performance value for a goal in Power BI |
| Power BI content management | Patched Power BI note | The activity is recorded when a Power BI note is patched or updated. | Updating the content of a Power BI note; Modifying a previously added note on a Power BI artifact |
| Power BI scorecard management | Patched Power BI scorecard | The activity is recorded when a Power BI scorecard is patched or updated. | Modifying a Power BI scorecard's details; Updating a scorecard used for performance tracking in Power BI |
| Power BI scorecard management | Inserted or updated current value connection of Power BI goal | The activity is recorded when the current value connection for a Power BI goal is inserted or updated. | Adding or updating the current value connection for a goal in Power BI; Inserting or modifying the performance tracking for a Power BI goal |
| Power BI scorecard management | Inserted or updated target value connection of Power BI goal | The activity is recorded when the target value connection for a Power BI goal is inserted or updated. | Adding or updating the target value connection for a Power BI goal; Modifying the target value for a goal in a Power BI scorecard |
| Power BI scorecard management | Refreshed current value of Power BI goal | The activity is recorded when the current value for a Power BI goal is refreshed. | Refreshing the current value for a Power BI goal; Updating the current performance value of a goal in Power BI |
| Power BI scorecard management | Refreshed target value of Power BI goal | The activity is recorded when the target value for a Power BI goal is refreshed. | Refreshing the target value for a Power BI goal; Updating the target performance value of a goal in Power BI |
| Power BI sharing and collaboration | Shared Power BI dataset | The activity is recorded when a Power BI dataset is shared with others. | Sharing a Power BI dataset with colleagues; Giving access to a Power BI dataset for external users |
| Power BI data management | Created a Power BI datamart | The activity is recorded when a Power BI datamart is created. | Creating a new datamart in Power BI; Setting up a new data storage solution in Power BI |
| Power BI data management | Updated a Power BI datamart | The activity is recorded when a Power BI datamart is updated. | Updating the configuration of a Power BI datamart; Modifying a datamart in Power BI for new data sources |
| Power BI data management | Updated metadata for a Power BI datamart | The activity is recorded when metadata for a Power BI datamart is updated. | Modifying the metadata structure for a Power BI datamart; Updating schema or column information in a Power BI datamart |
| Power BI data management | Refreshed a Power BI datamart | The activity is recorded when a Power BI datamart is refreshed. | Refreshing the data in a Power BI datamart; Performing a full or partial refresh on a Power BI datamart |
| Power BI data management | Deleted a Power BI datamart | The activity is recorded when a Power BI datamart is deleted. | Deleting an existing Power BI datamart; Removing a datamart from the Power BI workspace |
| Power BI data management | Updated settings for a Power BI datamart | The activity is recorded when the settings for a Power BI datamart are updated. | Modifying the configuration settings for a Power BI datamart; Adjusting data retention or update settings for a Power BI datamart |
| Power BI data management | Upserted parameters for a Power BI datamart | The activity is recorded when parameters for a Power BI datamart are upserted (inserted or updated). | Inserting or updating parameters in a Power BI datamart; Configuring dynamic parameters for a Power BI datamart |
| Power BI data management | Viewed a Power BI datamart | The activity is recorded when a Power BI datamart is viewed. | Viewing the contents or details of a Power BI datamart; Accessing the data in a Power BI datamart |
| Power BI sharing and collaboration | Shared a Power BI datamart | The activity is recorded when a Power BI datamart is shared with others. | Sharing a Power BI datamart with other users or groups; Granting access to a Power BI datamart |
| Power BI refresh management | Canceled a Power BI datamart refresh | The activity is recorded when a Power BI datamart refresh is canceled. | Stopping an ongoing refresh for a Power BI datamart; Canceling a scheduled refresh for a Power BI datamart |
| Power BI data management | Resumed a suspended Power BI datamart | The activity is recorded when a suspended Power BI datamart is resumed. | Resuming the operation of a suspended Power BI datamart; Restoring a paused Power BI datamart to active status |
| Power BI data management | Renamed a Power BI datamart | The activity is recorded when a Power BI datamart is renamed. | Changing the name of a Power BI datamart; Updating the label or identifier for a Power BI datamart |
| Power BI endorsement management | Edited a datamart endorsement | The activity is recorded when a datamart endorsement is edited. | Changing the endorsement level or status for a Power BI datamart; Updating the endorsement message for a datamart |
| Power BI external integration | Connected to a Power BI datamart from an external app | The activity is recorded when an external app connects to a Power BI datamart. | Establishing a connection between an external application and a Power BI datamart; Accessing Power BI data from a third-party app via datamart |
| Power BI data management | Updated a default warehouse | The activity is recorded when a default warehouse is updated. | Modifying the configuration of a default warehouse; Updating warehouse settings for Power BI datasets |
| Power BI data management | Upserted parameters for a default warehouse | The activity is recorded when parameters for a default warehouse are upserted (inserted or updated). | Inserting or updating parameters in a default warehouse; Configuring dynamic parameters for a default warehouse |
| Power BI data management | Viewed a default warehouse | The activity is recorded when a default warehouse is viewed. | Viewing the details or contents of a default warehouse; Accessing data stored in the default warehouse for Power BI |
| Power BI batch management | Canceled a default warehouse batch | The activity is recorded when a batch in a default warehouse is canceled. | Stopping an ongoing batch operation for a default warehouse; Canceling the processing of data in the warehouse |
| Power BI data management | Resumed a suspended default warehouse | The activity is recorded when a suspended default warehouse is resumed. | Resuming operations for a suspended default warehouse; Restoring a paused default warehouse to active status |
| Power BI data management | Refreshed metadata for a default warehouse | The activity is recorded when metadata for a default warehouse is refreshed. | Refreshing the schema or metadata in the default warehouse; Updating data models and metadata within a default warehouse |
| Power BI endorsement management | Edited a default warehouse endorsement | The activity is recorded when a default warehouse endorsement is edited. | Changing the endorsement level for a default warehouse; Updating the endorsement message for a default warehouse |
| Power BI analytics management | Canceled a lakehouse SQL analytics endpoint batch | The activity is recorded when a batch for a lakehouse SQL analytics endpoint is canceled. | Stopping a batch process for a lakehouse SQL analytics endpoint; Canceling a data processing task in the lakehouse analytics system |
| Power BI endorsement management | Edited a lakehouse SQL analytics endpoint endorsement | The activity is recorded when a lakehouse SQL analytics endpoint endorsement is edited. | Modifying the endorsement message for a lakehouse SQL analytics endpoint; Changing the endorsement level for a lakehouse analytics endpoint |
| Power BI data management | Refreshed metadata for a lakehouse SQL analytics endpoint | The activity is recorded when metadata for a lakehouse SQL analytics endpoint is refreshed. | Refreshing the schema or metadata for a lakehouse SQL analytics endpoint; Updating the configuration of a lakehouse SQL analytics endpoint |
| Lakehouse SQL analytics endpoint activities | Resumed a suspended lakehouse SQL analytics endpoint | This activity is logged when a user or system resumes a previously suspended lakehouse SQL analytics endpoint in Microsoft Fabric, enabling queries and operations to be performed again. | Resuming a suspended SQL analytics endpoint from the Fabric workspace; Using an API or script to reactivate a lakehouse SQL analytics endpoint; Restoring query capability after a pause in the lakehouse analytics endpoint |
| Lakehouse SQL analytics endpoint activities | Updated a lakehouse SQL analytics endpoint | This activity is logged when a user modifies a lakehouse SQL analytics endpoint's configuration or properties. | Changing compute size or settings of the endpoint; Updating connection properties via the Fabric portal |
| Lakehouse SQL analytics endpoint activities | Updated settings for a lakehouse SQL analytics endpoint | This activity occurs when a user adjusts operational settings of a lakehouse SQL analytics endpoint. | Toggling endpoint availability; Adjusting usage limits or quotas |
| Lakehouse SQL analytics endpoint activities | Upserted parameters for a lakehouse SQL analytics endpoint | The activity is logged when a user adds or updates parameters related to a lakehouse SQL analytics endpoint. | Adding a new parameter to the endpoint; Modifying an existing parameter |
| Lakehouse SQL analytics endpoint activities | Viewed a lakehouse SQL analytics endpoint | The activity occurs when a user views configuration or metadata of a lakehouse SQL analytics endpoint. | Viewing endpoint details in the Fabric workspace; Accessing metadata programmatically |
| Warehouse activities | Created a warehouse | This activity is recorded when a user creates a new warehouse in Microsoft Fabric. | Creating a SQL warehouse from Fabric UI; Provisioning a warehouse using an API |
| Warehouse activities | Updated a warehouse | This activity is logged when a user updates settings or properties of a warehouse. | Renaming the warehouse; Changing settings or configuration |
| Warehouse activities | Updated metadata for a warehouse | The activity is logged when warehouse metadata (such as schema, tables, or objects) is updated. | Modifying table schema; Altering view definitions |
| Warehouse activities | Deleted a warehouse | This activity is logged when a warehouse is removed from Microsoft Fabric. | Deleting a warehouse through the UI or API; Cleaning up unused SQL warehouses |
| Warehouse activities | Updated settings for a warehouse | This activity is recorded when configuration settings of a warehouse are modified. | Tuning performance settings; Enabling or disabling features |
| Warehouse activities | Upserted parameters for a warehouse | The activity occurs when a parameter is added or updated for a warehouse. | Setting connection parameters; Configuring operational parameters |
| Warehouse activities | Viewed a warehouse | This activity is recorded when a user accesses details or metadata of a warehouse. | Viewing warehouse dashboard or schema; Running metadata queries |
| Warehouse activities | Canceled a warehouse batch | This activity is logged when an in-progress batch operation in a warehouse is canceled. | Aborting a long-running job; Canceling a scheduled task |
| Warehouse activities | Resumed a suspended warehouse | This activity occurs when a suspended warehouse is reactivated by a user or system. | Resuming compute activity; Reenabling access after a pause |
| Warehouse activities | Renamed a warehouse | This activity is logged when the display name or ID of a warehouse is changed. | Changing the name via the UI or API; Renaming a development warehouse |
| Warehouse activities | Shared a warehouse | This activity is recorded when a warehouse is shared with other users or groups. | Granting access permissions to a warehouse; Adding collaborators to a warehouse |
| Warehouse activities | Edited a warehouse endorsement | This activity occurs when a user modifies the endorsement settings for a warehouse. | Setting the warehouse as certified or promoted; Changing endorsement notes |
| Warehouse activities | Connected to a warehouse or default warehouse from an external app | The activity is logged when a third-party or external application connects to a Fabric warehouse. | Using external BI tools to access the warehouse; Connecting via SQL client or API |
| Warehouse and lakehouse activities | Connected to a warehouse or lakehouse SQL analytics endpoint from an external app | This activity occurs when an external app establishes a connection with a warehouse or lakehouse endpoint. | Accessing endpoint using an integration tool; Querying from a reporting service |
| Lakehouse SQL analytics endpoint activities | Created an SQL query from an SQL Analytics Endpoint Lakehouse | This activity is logged when a user writes and executes an SQL query from a lakehouse SQL endpoint. | Running SELECT queries from the lakehouse; Executing joins or aggregations via SQL interface |
| Lakehouse SQL analytics endpoint activities | Created a visual query from an SQL Analytics Endpoint Lakehouse | This activity is recorded when a user creates a visual query (drag-and-drop or UI-based) from a lakehouse SQL endpoint. | Building a chart using Fabric's visual query tool; Generating visual reports from lakehouse data |
| Warehouse activities | Created an SQL query from a Warehouse | This activity is logged when a user creates a traditional SQL query against a Fabric warehouse. | Querying sales data from the warehouse; Joining multiple tables with SQL |
| Warehouse activities | Created a visual query from a Warehouse | This activity is logged when a visual query is created using the UI tools in the warehouse context. | Using the query builder to create visual charts; Constructing reports visually in a warehouse workspace |
| Lakehouse SQL analytics endpoint activities | Deleted an SQL query from an SQL Analytics Endpoint Lakehouse | This activity is logged when a user deletes an existing SQL query created from a lakehouse SQL endpoint. | Deleting saved queries from the query editor; Removing obsolete SQL scripts |
| Lakehouse SQL analytics endpoint activities | Deleted a visual query from an SQL Analytics Endpoint Lakehouse | This activity is recorded when a user deletes a saved visual query associated with a lakehouse SQL endpoint. | Removing visual charts created via drag-and-drop; Deleting visual report definitions |
| Warehouse activities | Deleted an SQL query from a Warehouse | This activity is logged when a user deletes a saved SQL query from a warehouse. | Deleting legacy or test queries from warehouse editor; Removing saved analytical SQL queries |
| Warehouse activities | Deleted a visual query from a Warehouse | This activity occurs when a user deletes a saved visual query from a warehouse workspace. | Deleting drag-and-drop reports in the warehouse; Clearing unused visualizations |
| Teams integration activities | Retrieved list of teams user is a member of | This activity is recorded when a list of Microsoft Teams a user belongs to is retrieved, typically through an integration or administrative action. | Pulling team membership for sharing content; Using API to fetch user group information |
| Teams integration activities | Pinned report in Teams | The activity is logged when a user pins a Fabric or Power BI report to a Teams channel or chat. | Pinning a Fabric report to a tab in Teams; Adding analytics as a pinned item for visibility |
| Lakehouse table activities | Shared a lakehouse table | This activity occurs when a user shares a specific table within a lakehouse with other users or services. | Sharing a delta table with team members; Granting access to external services |
| Lakehouse table activities | Previewed a lakehouse table | This activity is logged when a user previews table content within a lakehouse environment. | Viewing sample records of a table; Using preview in Fabric UI or notebook |
| Lakehouse table activities | Listed tables in a lakehouse | The activity is recorded when a user lists available tables in a lakehouse workspace. | Executing SHOW TABLES command; Browsing table list in UI |
| Lakehouse table activities | Retrieved details of a lakehouse table | This activity is logged when metadata or schema of a specific lakehouse table is accessed. | Accessing column definitions; Querying metadata for schema validation |
| Lakehouse table activities | Retrieved details of multiple lakehouse tables | This activity occurs when information from more than one lakehouse table is retrieved programmatically or via UI. | Fetching schema for all tables in a database; Auditing table metadata |
| Lakehouse table activities | Loaded a lakehouse table | The activity is logged when a table is loaded into the lakehouse for processing or querying. | Reading a table into a notebook; Executing LOAD TABLE command |
| Lakehouse table maintenance | Vacuumed a lakehouse table | This activity is recorded when a vacuum operation is performed to clean up obsolete data files in a delta lake table. | Running VACUUM on delta tables; Cleaning up data files |
| Lakehouse table maintenance | Optimized a lakehouse table | This activity occurs when optimization operations like compaction or Z-Ordering are executed on a lakehouse table. | Executing OPTIMIZE for performance; Reorganizing data files in lakehouse |
| Lakehouse SQL analytics endpoint activities | Retried lakehouse SQL endpoint creation | This activity is logged when a previously failed attempt to create a lakehouse SQL endpoint is retried. | Retrying a failed provisioning operation; Automatically attempting creation after error |
| Lakehouse file operations | Created a lakehouse file | This activity occurs when a new file is added to the lakehouse file system. | Uploading a CSV or Parquet file; Creating a new folder item programmatically |
| Lakehouse file operations | Deleted a lakehouse file | The activity is recorded when a file is deleted from the lakehouse file system. | Removing a CSV file from storage; Deleting raw data files |
| Lakehouse file operations | Dropped a lakehouse file | This activity is logged when a lakehouse file is forcefully removed or deleted using a drop command. | Dropping managed files in notebooks; Executing DROP command on file paths |
| Lakehouse file operations | Renamed a lakehouse file | This activity is recorded when a file in the lakehouse file system is renamed. | Renaming a data file using Fabric UI; Using API to change file name |
| Lakehouse file operations | Created a lakehouse folder | This activity is logged when a new folder is created in the lakehouse file system. | Creating a directory for organizing data files; Adding a new folder via notebook or UI |
| Lakehouse file operations | Deleted a lakehouse folder | This activity is recorded when a folder and its contents are removed from the lakehouse. | Deleting a folder from the UI; Removing obsolete directory structures |
| Lakehouse file operations | Dropped a lakehouse folder | This activity occurs when a folder is forcefully removed using drop commands or advanced file operations. | Executing DROP on a folder path; Programmatically deleting folder structures |
| Lakehouse file operations | Renamed a lakehouse folder | This activity occurs when a folder in the lakehouse file system is renamed. | Renaming folders to reflect data changes; Updating naming conventions for directories |
| Lakehouse table activities | Created a lakehouse table | This activity is logged when a new table is created in a lakehouse. | Creating a delta table via SQL; Saving DataFrame as a new table |
| Lakehouse table activities | Deleted a lakehouse table | This activity occurs when a table is removed from the lakehouse. | Removing unused tables; Cleaning up test tables |
| Lakehouse table activities | Dropped a lakehouse table | This activity is recorded when a table is dropped from the lakehouse, often using SQL DROP command. | Executing DROP TABLE command; Removing managed tables completely |
| Lakehouse table activities | Renamed a lakehouse table | This activity occurs when a lakehouse table is renamed. | Renaming a table after schema updates; Adjusting naming to match standards |
| Lakehouse table activities | Refreshed lakehouse data | This activity is logged when data is refreshed or reloaded in the lakehouse. | Refreshing data for updated partitions; Reloading external data sources |
| Reporting activities | Created report from lakehouse | This activity is recorded when a report is generated using data from a lakehouse. | Building a Power BI report from a lakehouse table; Creating insights using lakehouse datasets |
| Compliance and security | Set a lakehouse sensitivity label | This activity occurs when a sensitivity label is applied to a lakehouse resource. | Applying 'Confidential' to a lakehouse; Labeling sensitive datasets |
| Governance activities | Set a lakehouse endorsement | This activity is logged when an endorsement (promoted or certified) is set for a lakehouse. | Marking a lakehouse as certified; Promoting a verified data source |
| Lakehouse file operations | Created a lakehouse shortcut link | This activity occurs when a shortcut link is created to point to data in another lakehouse or storage. | Linking to another Delta table in a different workspace; Adding a pointer to shared data |
| Notebook collaboration | Committed a notebook | This activity is logged when changes in a notebook are saved or committed. | Saving notebook edits; Versioning changes with commit |
| Notebook configuration | Updated notebook library | This activity occurs when packages or libraries used in a notebook environment are updated. | Adding pandas to a Spark session; Updating numpy version |
| Notebook configuration | Updated notebook Apache Spark properties | This activity is recorded when Spark configuration settings are updated for a notebook session. | Setting Spark executor memory; Changing partition configs |
| Notebook collaboration | Posted a notebook comment | This activity occurs when a user posts a comment on a notebook for discussion or review. | Leaving feedback on a code block; Collaborating in shared notebook |
| Notebook collaboration | Coauthored a notebook | This activity is logged when multiple users collaborate simultaneously in a notebook. | Real-time editing with colleagues; Live collaboration in Fabric notebooks |
| Notebook execution | Started a notebook session | This activity is recorded when a new notebook session begins (e.g., Spark kernel starts). | Launching notebook runtime; Initializing compute session |
| Notebook execution | Stopped a notebook session | This activity occurs when a running notebook session is stopped. | Stopping Spark kernel; Manually ending session |
| Notebook execution | Started a notebook execution | This activity is logged when a user begins running cells in a notebook. | Running data processing code; Executing cell in Spark notebook |
| Notebook configuration | Set the notebook configuration | This activity occurs when a configuration profile or environment is set for a notebook. | Setting environment variables; Selecting compute profile |
| Environment resources | Created environment resource | This activity is recorded when a new environment resource is created in a Fabric workspace. | Adding custom compute environment; Creating an isolated runtime |
| Environment resources | Updated environment resource | This activity occurs when an existing environment resource is modified. | Changing environment dependencies; Modifying compute specs |
| Environment resources | Deleted environment resource | This activity occurs when an environment resource is deleted from the workspace. | Removing outdated environments; Cleaning up unused configurations |
| Environment resources | Read environment resource | This activity is logged when a user accesses or views an environment resource's details. | Viewing compute specs or dependencies; Checking environment status |
| Environment resources | Downloaded environment resource | This activity occurs when an environment resource is exported or downloaded. | Backing up an environment; Transferring environment setup |
| Environment publishing | Started publish environment | This activity is recorded when the publishing process for an environment is initiated. | Publishing new environment version; Deploying environment to shared workspace |
| Environment publishing | Cancelled publish environment | This activity is logged when a publish operation for an environment is cancelled before completion. | Stopping a deployment; Halting a publish process |
| Environment publishing | Finished publish environment | This activity occurs when the publishing process for an environment is successfully completed. | Completing deployment; Publishing environment version |
| Environment resources | Updated environment spark settings | This activity is recorded when Spark-specific settings in an environment are modified. | Tuning Spark executor memory; Changing number of partitions |
| Apache Spark activities | Open the Apache Spark application detail page | This activity occurs when a user opens the detail view for an Apache Spark application. | Inspecting job performance; Reviewing Spark application metadata |
| Apache Spark activities | Cancel the Apache Spark application | This activity is logged when a running Spark application is canceled. | Terminating long-running Spark jobs; Stopping failed applications |
| Apache Spark activities | View log of the Apache Spark application | This activity is recorded when a user views the execution logs of a Spark application. | Reviewing debug information; Analyzing execution errors |
| Apache Spark activities | Load more log of the Apache Spark application | This activity is logged when additional segments of a Spark log are loaded for viewing. | Scrolling through execution logs; Loading extended log content |
| Apache Spark activities | Download the log of the Apache Spark application | This activity occurs when logs from a Spark application are downloaded by a user. | Exporting logs for offline review; Sharing logs for troubleshooting |
| Apache Spark activities | View input output data list of the Apache Spark application | This activity is recorded when a user views the list of datasets used as input or produced as output by a Spark application. | Inspecting data lineage; Checking transformation outputs |
| Git integration | Committed to Git | This activity occurs when a user commits changes from the workspace to a Git repository. | Saving new scripts; Committing notebook changes |
| Git integration | Updated from Git | This activity is logged when updates are pulled from a Git repository into the workspace. | Syncing with remote main branch; Pulling teammate changes |
| Git integration | Connected workspace to Git | This activity is recorded when a workspace is connected to a Git repository. | Linking to Azure DevOps; Setting up source control |
| Git integration | Disconnected workspace from Git | This activity occurs when the Git repository is disconnected from a workspace. | Unlinking from DevOps; Removing source control |
| Git integration | Created branch in Git | This activity is logged when a new branch is created in the connected Git repository. | Creating feature branch; Starting development branch |
| Git integration | Created directory in Git | This activity is recorded when a new directory is created and tracked via Git. | Adding a new folder for scripts; Structuring project directories |
| Git integration | Undid workspace changes | This activity occurs when local changes in the workspace are undone. | Discarding unsaved edits; Reverting notebook to previous state |
| Job scheduling | Set a SJD retry policy | This activity is recorded when a retry policy is set for a Scheduled Job Definition (SJD). | Configuring retry logic for failed runs; Setting max retry attempts |
| Job scheduling | Overrode SJD Apache Spark settings | This activity is logged when Spark settings for a Scheduled Job Definition (SJD) are overridden. | Adjusting Spark executor memory; Changing job-level Spark configs |
| Notebook activities | Created resource in notebook | This activity occurs when a new resource (e.g., data connection, file) is created within a notebook. | Adding a new data source; Creating a temporary file |
| Notebook activities | Updated resource in notebook | This activity is logged when an existing resource in a notebook is updated. | Editing connection settings; Modifying file contents |
| Notebook activities | Deleted resource in notebook | This activity occurs when a resource within a notebook is deleted. | Removing temp files; Deleting data connections |
| Notebook activities | Downloaded resource in notebook | This activity is recorded when a notebook resource is downloaded. | Exporting notebook output; Downloading files |
| Notebook activities | Set default lakehouse for notebook | This activity is logged when a default lakehouse is set for a notebook session. | Assigning default data source; Linking notebook to lakehouse |
| Notebook activities | Attached environment for notebook | This activity occurs when a specific environment is attached to a notebook. | Attaching compute environment; Setting Spark environment |
| Machine learning | Added an experiment run | This activity is logged when a new ML experiment run is recorded. | Logging model training run; Recording experiment metrics |
| Machine learning | Deleted an experiment run | This activity occurs when an experiment run is deleted from ML tracking. | Removing invalid run; Cleaning experiment history |
| Machine learning | Read an experiment run | This activity is recorded when a user accesses or views details of a specific experiment run. | Viewing training results; Checking run metrics |
| Machine learning | Updated an experiment run | This activity is logged when metadata or details of an experiment run are updated. | Changing run description; Updating run tags |
| Machine learning | Added a model version | This activity occurs when a new version of a model is added to the ML workspace. | Versioning trained models; Registering updated model |
| Machine learning | Deleted a model version | This activity is logged when a model version is removed from the system. | Removing outdated models; Cleaning up test versions |
| Machine learning | Added a model version endpoint | This activity is recorded when an endpoint is created for a specific model version. | Deploying REST API endpoint; Creating scoring endpoint |
| Machine learning | Invoked a model version endpoint | This activity occurs when a model endpoint is called or triggered. | Sending data for prediction; Calling model inference |
| Machine learning | Deleted a model version endpoint | This activity is logged when a model version endpoint is deleted. | Removing unused endpoints; Clearing old APIs |
| Machine learning | Deleted a model endpoint | This activity is recorded when an overall model endpoint (regardless of version) is removed. | Clearing all model access points; Resetting endpoint settings |
| Machine learning | Configured a model endpoint | This activity occurs when settings for a model endpoint are modified. | Setting concurrency; Changing scaling options |
| Machine learning | Requested Cognitive Service in ML workload | This activity is logged when a user accesses Azure Cognitive Services as part of an ML workflow. | Using text analytics; Calling language services |
| Machine learning | Requested OpenAI models in ML workload | This activity occurs when OpenAI models are used within an ML workload. | Querying GPT model; Embedding text with OpenAI |
| Machine learning | Deployed a model version | This activity is recorded when a specific model version is deployed to an environment. | Deploying model to staging; Pushing model to production |
| Artifacts | Created an artifact | This activity is logged when an artifact (like logs, metrics, files) is generated or saved from an ML or notebook session. | Saving training metrics; Storing model outputs |
| Artifacts | Deleted an artifact | This activity is logged when a user deletes an artifact such as a dataset, model, or output file. | Removing outdated model files; Cleaning up run outputs |
| Artifacts | Read an artifact | This activity occurs when a user accesses or views an artifact. | Viewing stored model; Checking experiment result |
| Artifacts | Updated an artifact | This activity is logged when metadata or content of an artifact is updated. | Renaming output file; Modifying tags or descriptions |
| Artifacts | Edited artifact endorsement | This activity is recorded when the endorsement status (e.g., certified or promoted) of an artifact is changed. | Certifying a dataset; Removing promoted label |
| Artifacts | Ran an artifact | This activity occurs when an artifact, such as a pipeline or script, is executed. | Executing data pipeline; Running a saved notebook |
| Artifacts | Cancelled running an artifact | This activity is logged when the execution of an artifact is stopped before completion. | Stopping long-running job; Aborting a notebook |
| Artifacts | Shared an artifact | This activity is recorded when an artifact is shared with other users or groups. | Sharing dataset with team; Granting report access |
| Artifacts | Scheduled an artifact | This activity occurs when an artifact is scheduled for future execution. | Scheduling a nightly pipeline; Automating report refresh |
| Artifacts | Added an artifact to a pipeline | This activity is logged when an artifact is included as a step or input in a pipeline. | Adding model to deployment pipeline; Linking dataset to ETL pipeline |
| Power BI | Updated Power BI in place sharing settings | This activity is recorded when settings for sharing Power BI items in-place are modified. | Changing workspace sharing options; Editing default share permissions |
| Power Platform | Exported package for Power Apps solution | This activity occurs when a solution package is exported from Power Apps. | Backing up Power Apps solutions; Moving solutions between environments |
| Power Platform | Imported package for Power Apps solution | This activity is logged when a solution package is imported into Power Apps. | Deploying solution to new environment; Restoring custom app |
| Power Platform | Detected customizations for Power Apps solution | This activity occurs when Power Apps detects customizations in a solution during import/export. | Checking for unmanaged customizations; Reviewing solution changes |
| Power Platform | Updated parameters for Power Apps solution | This activity is recorded when configuration parameters for a Power Apps solution are changed. | Changing API key; Setting custom endpoints |
| Power BI | Used Power BI to explore data in an external app | This activity is logged when Power BI is used to visualize or analyze data from an external app. | Exploring Excel-connected dataset; Linking data from third-party tools |
| Power BI | Saved an autogenerated dataset to Power BI | This activity occurs when a dataset generated from a report or query is saved into Power BI. | Creating dataset from visual; Saving model results to Power BI |
| Power BI | Saved an autogenerated report to Power BI | This activity is logged when a report generated by the system is saved to Power BI. | Saving AI-generated visualizations; Storing autogenerated insights |
| Power BI | Retrieved Power BI dataset refresh history via Azure Lockbox | This activity occurs when dataset refresh history is accessed using Azure Lockbox for compliance or support purposes. | Audit refresh failures; Track refresh timings |
| Power BI / Compliance | Delete Admin Usage Dashboards for tenant via Azure Lockbox | This activity is logged when admin usage dashboards are deleted for the tenant using Azure Lockbox. | Removing old usage reports; Compliance dashboard clean-up |
| Power BI / Compliance | Delete Admin Monitoring folder for tenant via Azure Lockbox | This activity is recorded when the admin monitoring folder is deleted via Azure Lockbox. | Clearing legacy monitoring data; Resetting monitoring structure |
| Power BI / Compliance | Delete Usage Metrics v2 package for workspace via Azure Lockbox | This activity is logged when the Usage Metrics v2 package is removed from a workspace using Azure Lockbox. | Cleaning up unused metrics; Removing outdated reports |
| Power BI | Added admin access to a personal workspace in Power BI | This activity occurs when an administrator grants themselves admin access to a personal workspace in Power BI. | Granting admin access to personal workspace; Allowing full control over workspace settings |
| Power BI | Removed admin access from a personal workspace in Power BI | This activity is logged when an administrator removes admin access from a personal workspace in Power BI. | Revoking admin rights from a personal workspace; Removing full control over workspace settings |
| Power BI | Converted a personal workspace to workspace in Power BI | This activity occurs when a personal workspace is converted into a regular workspace within Power BI. | Converting workspace for team collaboration; Upgrading personal workspace to organizational workspace |
| Power BI | Updated default capacity of personal workspaces in Power BI | This activity is recorded when the default capacity settings for personal workspaces are updated in Power BI. | Adjusting capacity limits for personal workspaces; Allocating more resources to personal workspace |
| Power BI | Created a Power BI goal role | This activity is logged when a new goal role is created within Power BI. | Creating a custom goal role for team members; Defining user access for goal-related tasks |
| Power BI | Retrieved Power BI goal role | This activity occurs when a user retrieves information about a specific goal role in Power BI. | Viewing details of a goal role; Accessing role assignments for Power BI goals |
| Power BI | Updated Power BI goal role | This activity is recorded when a goal role in Power BI is updated. | Modifying access levels for a goal role; Changing responsibilities within a goal role |
| Power BI | Deleted Power BI goal role | This activity is logged when a goal role in Power BI is deleted. | Removing an unused goal role; Clearing roles for goal management |
| Power BI | Retrieved all Power BI scorecards | This activity occurs when a user retrieves all scorecards from Power BI. | Fetching a list of available scorecards; Accessing all goal performance data in Power BI |
| Power BI | Provisioned a Power BI scorecard | This activity is recorded when a new scorecard is provisioned in Power BI. | Setting up a new scorecard to track KPIs; Creating a performance tracking tool in Power BI |
| Power BI | Created the Power BI goal value categories | This activity occurs when a user creates new goal value categories in Power BI. | Defining categories for goal progress; Creating different levels of performance indicators for goals |
| Power BI | Retrieved the Power BI goal value categories | This activity is logged when the categories of goal values in Power BI are retrieved. | Viewing categories for goal tracking; Listing goal value categories in a scorecard |
| Power BI | Patched the Power BI goal value categories | This activity is recorded when goal value categories in Power BI are patched or updated. | Changing value thresholds in goal categories; Updating progress definitions for goals |
| Power BI | Deleted the Power BI goal value categories | This activity occurs when a goal value category in Power BI is deleted. | Removing unused value categories; Deleting outdated goal tracking categories |
| Power BI | Updated the Power BI goal connection settings | This activity is logged when the connection settings for Power BI goals are updated. | Changing data source for goal tracking; Updating goal connection configurations |
| Power BI | Retrieved a model from Power BI | This activity occurs when a model is retrieved from Power BI. | Accessing a dataset model; Retrieving analysis model from Power BI |
| Power BI | Applied a change to a model in Power BI | This activity is recorded when a change is applied to a model in Power BI. | Editing model parameters; Updating relationships in a Power BI model |
| Power BI | Retrieved model diagram layouts in Power BI | This activity is logged when model diagram layouts are retrieved in Power BI. | Viewing data model layout; Accessing relationship diagrams in Power BI |
| Power BI | Saved model diagram layouts in Power BI | This activity occurs when model diagram layouts are saved in Power BI. | Saving model relationships diagram; Storing layout of a data model |
| Power BI | Completed an artifact access request action in Power BI | This activity is recorded when an artifact access request is completed in Power BI. | Granting access to report; Approving dataset sharing request |
| Apache Spark | Used mssparkutils to mount storage | This activity is logged when mssparkutils is used to mount storage for Apache Spark. | Mounting cloud storage to Spark cluster; Using mssparkutils to access external storage in Spark |
| Workspace Management | Updated workspace-level settings | This activity is recorded when the settings for a workspace are updated at the workspace level. | Modifying configuration options for a workspace; Changing workspace-level preferences |
| Workspace Management | Updated workspace selected pool | This activity occurs when the selected pool for a workspace is updated. | Changing the Spark pool selection for a workspace; Reconfiguring the pool for job execution |
| Workspace Management | Updated workspace-level Spark properties | This activity is logged when the Spark properties for a workspace are updated at the workspace level. | Changing Spark configurations for a workspace; Updating performance settings for Spark jobs in the workspace |
| Workspace Management | Added workspace-level Spark properties | This activity occurs when new Spark properties are added to a workspace at the workspace level. | Adding custom Spark properties for performance optimization; Defining new configuration values for Spark in a workspace |
| Workspace Management | Deleted workspace-level Spark properties | This activity is recorded when Spark properties are deleted from a workspace at the workspace level. | Removing obsolete Spark properties; Deleting redundant configurations from a workspace |
| Workspace Management | Enabled item-level compute customization | This activity is logged when item-level compute customization is enabled within a workspace. | Enabling the ability to customize compute settings for individual items; Allowing item-specific compute adjustments |
| Workspace Management | Disabled item-level compute customization | This activity is recorded when item-level compute customization is disabled in a workspace. | Disabling the ability to customize compute settings per item; Reverting to default compute settings for all items |
| Workspace Management | Updated workspace-level user-defined pool configurations | This activity occurs when the configurations for user-defined pools in a workspace are updated. | Modifying pool settings for Spark execution; Adjusting resource allocation for user-defined pools in the workspace |
| Workspace Management | Enabled autologging | This activity is logged when autologging is enabled within a workspace. | Enabling automatic logging of system and user activities; Activating autologging for job execution details |
| Workspace Management | Disabled autologging | This activity is recorded when autologging is disabled in a workspace. | Disabling automatic logging for activities; Turning off autologging for job execution |
| Workspace Management | Enabled high concurrency mode | This activity is recorded when high concurrency mode is enabled in a workspace. | Activating high concurrency mode for optimized job execution; Enabling high concurrency for better resource allocation |
| Workspace Management | Disabled high concurrency mode | This activity occurs when high concurrency mode is disabled in a workspace. | Turning off high concurrency mode; Reverting to default concurrency settings in the workspace |
| Capacity Management | Updated capacity-level settings | This activity is logged when settings at the capacity level are updated. | Changing capacity configurations for a workspace; Updating resource allocation at the capacity level |
| Capacity Management | Updated capacity-level Spark properties | This activity is recorded when the Spark properties at the capacity level are updated. | Modifying Spark configuration at the capacity level; Adjusting settings for capacity-related Spark jobs |
| Capacity Management | Added capacity-level Spark properties | This activity occurs when new Spark properties are added at the capacity level. | Adding new configurations for Spark at the capacity level; Defining custom Spark properties for a specific capacity |
| Capacity Management | Deleted capacity-level Spark properties | This activity is logged when Spark properties at the capacity level are deleted. | Removing unnecessary Spark properties from capacity-level settings; Deleting outdated Spark configurations |
| Workspace Management | Enabled workspace-level pool | This activity is recorded when a workspace-level pool is enabled. | Activating a new pool for job execution at the workspace level; Enabling workspace-specific compute resources |
| Workspace Management | Disabled workspace-level pool | This activity occurs when a workspace-level pool is disabled. | Turning off a workspace-specific pool; Disabling compute resources for the workspace |
| Capacity Management | Updated capacity-level user-defined pool configurations | This activity is logged when configurations for user-defined pools at the capacity level are updated. | Modifying user-defined pool settings at the capacity level; Changing configurations for capacity-based pools |
| Workspace Management | Updated notification settings | This activity is recorded when the notification settings for a workspace or capacity are updated. | Modifying email or system alerts; Changing notification preferences for system events |
| Workspace Management | Insert domain | This activity is logged when a domain is inserted into the workspace configuration. | Adding a new domain for system configuration; Inserting a domain for resource access |
| Domain Management | Delete domain | This activity is logged when a domain is deleted from the system. | Removing a domain from the workspace; Deleting a domain entry from the system |
| Domain Management | Update domain | This activity is recorded when a domain is updated. | Modifying the configuration of an existing domain; Changing domain properties like settings or name |
| Domain Management | Update domain workspaces relations | This activity occurs when the workspace relations of a domain are updated. | Changing the association between a domain and its workspaces; Updating workspace relationships for a domain |
| Domain Management | Delete all domain's workspaces relations | This activity is recorded when all workspace relations for a domain are deleted. | Removing all workspace associations from a domain; Deleting workspace relations tied to a specific domain |
| Domain Management | Update domain's workspaces relations as contributor | This activity is logged when a domain’s workspace relations are updated to a contributor role. | Assigning contributor role to domain workspaces; Updating domain's permissions for workspace access as contributor |
| Domain Management | Delete domain's workspace relation as workspace owner | This activity is recorded when a domain’s workspace relation as workspace owner is deleted. | Removing workspace ownership role from domain; Deleting domain's role as workspace owner |
| Domain Management | Update domain access permissions | This activity occurs when the access permissions for a domain are updated. | Modifying access rights for users or groups in a domain; Updating domain permissions to control user access |
| Domain Management | Update domain contributors scope | This activity is logged when the contributor scope for a domain is updated. | Changing the scope of contributors within a domain; Adjusting the permissions for contributors in a domain |
| Domain Management | Update domain branding | This activity occurs when the branding for a domain is updated. | Changing domain appearance settings like logos and colors; Modifying the branding elements of a domain |
| Domain Management | Update default domain | This activity is logged when the default domain is updated in the system. | Setting a new domain as the default; Changing the default domain for workspace management |
| Application Management | Deployed user applications through FunctionSet | This activity is recorded when user applications are deployed through FunctionSet. | Deploying applications via FunctionSet; Pushing user applications using the FunctionSet tool |
| Artifact Management | Add or override source on GraphQL artifact | This activity is logged when a source is added or overridden on a GraphQL artifact. | Modifying the source of a GraphQL artifact; Adding or updating source information for a GraphQL artifact |
| Artifact Management | Update source on GraphQL artifact | This activity is recorded when the source for a GraphQL artifact is updated. | Changing the source information for a GraphQL artifact; Updating the origin details for a GraphQL artifact |
| Artifact Management | Delete source on GraphQL artifact | This activity occurs when the source is deleted from a GraphQL artifact. | Removing source information from a GraphQL artifact; Deleting the source of a GraphQL artifact |
| Workplace Analytics activities | Updated privacy setting | This activity is recorded when a user or system updates the privacy setting of a file or page. Privacy settings determine the level of access and visibility of a document or content within a specific platform. | Changing a file's privacy to restrict access to specific users or groups; Updating privacy settings to make a document visible to certain individuals only; Modifying the sharing permissions of a document to control who can view or edit it |
| Data Governance activities | Updated data access setting | This activity is recorded when a user or system updates data access settings to determine who can access specific datasets or information. | Changing data access roles for users; Updating permissions to control access to sensitive data |
| Data Management activities | Uploaded organization data | This activity is recorded when data is uploaded to the organization's system, making it available for processing or analysis. | Uploading CSV or Excel files to a database; Importing structured or unstructured data into a system |
| Scheduling activities | Created meeting exclusion | This activity is recorded when a user sets a meeting exclusion rule, such as marking certain meetings as exceptions or not part of a schedule. | Excluding a meeting from appearing in the calendar; Setting a meeting as unavailable for scheduling |
| Scheduling activities | Updated preferred meeting exclusion | This activity is recorded when a user updates the preferred criteria or rules for meeting exclusions, affecting how meetings are managed or scheduled. | Changing the exclusion criteria for preferred meeting times; Modifying meeting availability settings |
| Query and Analytics activities | Executed query | This activity is recorded when a query is executed within the system to retrieve or analyze data. | Running a SQL query to retrieve records from a database; Executing a custom analytics query |
| Query and Analytics activities | Canceled query | This activity is recorded when a previously executed query is canceled before completion. | Stopping an ongoing database query; Interrupting a report generation process |
| Query and Analytics activities | Deleted result | This activity is recorded when a user or system deletes a result from a query or analysis, removing the output from the system. | Deleting a report result; Removing a query output from the database |
| Report activities | Downloaded report | This activity is recorded when a report is downloaded from the system by a user or an automated process. | Exporting a report to Excel or PDF; Downloading a report for offline analysis |
| Data Access activities | Accessed Odata link | This activity is recorded when a user or system accesses an OData (Open Data Protocol) link to retrieve data from a service or system. | Accessing an OData API to pull data from a server; Connecting to a data service via an OData endpoint |
| Query and Analytics activities | Viewed query visualization | This activity is recorded when a user views a query visualization, such as a chart or graph, generated from a query result. | Viewing a bar chart generated from a database query; Exploring data visualizations created from query results |
| Data Exploration activities | Viewed explore | This activity is recorded when a user views or explores data in an interactive manner, often through a dashboard or analytics tool. | Exploring data through a visual dashboard; Interacting with an analytics tool to view detailed data |
| Data Management activities | Created partition | This activity is recorded when a user creates a partition within a data system, organizing data into separate sections for efficient management. | Creating partitions to separate data by region; Partitioning a large dataset for better performance |
| Data Management activities | Updated partition | This activity is recorded when a user updates a partition configuration, adjusting the way data is organized and managed. | Modifying partition settings to optimize performance; Changing the partition criteria for a dataset |
| Data Management activities | Deleted partition | This activity is recorded when a partition within a data system is deleted, removing the organization of data. | Deleting a partition to remove unnecessary data organization; Removing a partition as part of data cleanup |
| User Access activities | User logged in | This activity is recorded when a user logs into a system, gaining access to its features and data. | A user logging into a data platform; Accessing a system with valid credentials |
| User Access activities | User logged out | This activity is recorded when a user logs out of a system, ending their session and revoking access to system resources. | A user logging out after completing their tasks; Ending a session by logging out of a platform |
| Briefing email activities | Updated user privacy settings | This activity is recorded when a user or system updates the privacy settings for a user, affecting how their personal information is shared or protected in the system. | Changing the privacy settings to allow or restrict sharing of personal details; Updating user preferences to control who can view their profile or activity |
| Briefing email activities | Updated organization privacy settings | This activity is recorded when a user or system updates the privacy settings for the organization, impacting how data is shared, protected, or controlled across the organization. | Changing organization-wide data access policies; Adjusting privacy settings for organizational data sharing; Modifying who can view sensitive organization-wide information |
| Microsoft Teams activities | Created team | The activity is recorded when a user or system creates a new team in Microsoft Teams, impacting collaboration, communication, and file sharing within that team. | Creating a new Microsoft Teams group; Setting up a new team for collaboration; Inviting members to a newly created team; Configuring a team for communication and sharing |
| Microsoft Teams activities | Deleted team | The activity is recorded when a team is deleted from Microsoft Teams, removing all associated data and settings. | Removing a Microsoft Teams group; Deleting a team and its contents; Deleting a team from the Microsoft Teams environment |
| Microsoft Teams activities | Added channel | The activity is recorded when a new channel is created within an existing Microsoft Teams group to enable specific team discussions or file sharing. | Creating a new channel in an existing team; Adding a channel to a team for project discussions |
| Microsoft Teams activities | Deleted channel | The activity is recorded when a channel is deleted from a Microsoft Teams group, removing all associated messages and files. | Deleting a channel from a Microsoft Teams group; Removing a channel and its content from the team |
| Microsoft Teams activities | Changed organization setting | The activity is recorded when an organization’s settings are updated within Microsoft Teams, affecting the overall environment configuration. | Changing organization-wide Teams policies; Updating settings affecting all Teams users in the organization |
| Microsoft Teams activities | Changed team setting | The activity is recorded when settings specific to a team are updated, influencing its functionality and user permissions. | Changing a team's privacy settings; Updating team notification settings; Modifying team permissions |
| Microsoft Teams activities | Changed channel setting | The activity is recorded when settings specific to a channel within a Microsoft Teams group are updated. | Changing a channel's notification preferences; Modifying privacy settings for a channel |
| Microsoft Teams activities | User signed in to Teams | The activity is recorded when a user signs into Microsoft Teams, enabling them to access team chats, files, and meetings. | User logging into Microsoft Teams; Accessing Teams services after signing in |
| Microsoft Teams activities | Added members | The activity is recorded when new members are added to a Microsoft Teams group or channel, granting them access to shared resources and discussions. | Inviting new members to join a team; Adding a user to a Microsoft Teams channel |
| Microsoft Teams activities | Changed role of members | The activity is recorded when a member's role within a Microsoft Teams group or channel is changed, affecting their permissions. | Changing a member's role from member to owner; Updating user permissions within a team |
| Microsoft Teams activities | Removed members | The activity is recorded when a member is removed from a Microsoft Teams group or channel, revoking their access to shared resources. | Removing a user from a Microsoft Teams team; Excluding a member from participating in team activities |
| Microsoft Teams activities | Added bot to team | The activity is recorded when a bot is added to a Microsoft Teams group to automate tasks or provide information. | Integrating a bot with a Microsoft Teams team; Adding a chatbot for team automation |
| Microsoft Teams activities | Removed bot from team | The activity is recorded when a bot is removed from a Microsoft Teams group, stopping its automation and tasks. | Removing a bot from a Microsoft Teams group; Disabling automation for a team |
| Microsoft Teams activities | Added tab | The activity is recorded when a new tab is added to a channel in Microsoft Teams, providing access to apps, documents, or websites. | Adding a new tab to a Teams channel; Embedding an app or file in a team using a tab |
| Microsoft Teams activities | Removed tab | The activity is recorded when a tab is removed from a Microsoft Teams channel, which can affect access to apps and documents. | Deleting a tab from a channel in Microsoft Teams; Removing a document or app link from a team |
| Microsoft Teams activities | Updated tab | The activity is recorded when a tab within a Microsoft Teams channel is updated, such as changing the linked content or settings. | Modifying the settings of a tab in Teams; Changing the document or app linked to a tab |
| Microsoft Teams activities | Added connector | The activity is recorded when a connector is added to a Microsoft Teams channel to integrate external services. | Adding an external service connector to a Teams channel; Connecting a third-party service to a team |
| Microsoft Teams activities | Removed connector | The activity is recorded when a connector is removed from a Microsoft Teams channel, stopping data integration from external services. | Disconnecting an external service from a Teams channel; Deleting a connector from a team |
| Microsoft Teams activities | Updated connector | The activity is recorded when a connector is updated within a Microsoft Teams channel, modifying its settings or functionality. | Changing the settings for an existing connector in Teams; Updating a service integration for a team |
| Microsoft Teams activities | Downloaded analytics report | The activity is recorded when an analytics report is downloaded from Microsoft Teams, typically for performance or usage insights. | Exporting a Microsoft Teams usage report; Downloading a report on team activity |
| Microsoft Teams activities | Upgraded Teams device | The activity is recorded when a device used for Microsoft Teams is upgraded to a new version or configuration. | Upgrading a device for Teams calls and meetings; Updating Teams hardware or software for better performance |
| Microsoft Teams activities | Blocked Teams device | The activity is recorded when a device is blocked from accessing Microsoft Teams, often due to security or compliance issues. | Blocking a device from using Microsoft Teams; Disabling Teams on a device for security reasons |
| Microsoft Teams activities | Unblocked Teams device | The activity is recorded when a previously blocked device is unblocked and allowed to access Microsoft Teams services. | Unblocking a device for Teams usage; Allowing a previously blocked device to access Microsoft Teams |
| Microsoft Teams activities | Changed configuration of Teams device | The activity is recorded when the configuration of a Teams-enabled device is changed, such as altering device settings or updating firmware. | Changing configuration settings of a Teams device; Updating hardware settings on a Teams-supported device |
| Microsoft Teams activities | Enrolled Teams device | The activity is recorded when a device is enrolled to use Microsoft Teams, typically as part of an organization's device management process. | Enrolling a new device to use Microsoft Teams; Registering a device for Teams meetings and calls |
| Microsoft Teams activities | Installed app | The activity is recorded when an application is installed within a Microsoft Teams environment, making it available for use by users. | Installing a third-party app in Teams; Adding a new app to Microsoft Teams |
| Microsoft Teams activities | Upgraded app | The activity is recorded when an app within Microsoft Teams is upgraded to a new version, often with new features or bug fixes. | Upgrading an app to the latest version in Teams; Updating a Microsoft Teams app to access new functionalities |
| Microsoft Teams activities | Uninstalled app | The activity is recorded when an app is uninstalled from the Microsoft Teams environment, removing its access and features. | Uninstalling an app from Microsoft Teams; Removing an unnecessary app from a Teams environment |
| Microsoft Teams activities | Published app | The activity is recorded when an app is published to a Teams environment, making it available for users to install and use. | Publishing an app to the Microsoft Teams store; Making an app available for installation within Teams |
| Microsoft Teams activities | Updated app | The activity is recorded when an app is updated within Microsoft Teams, either for performance improvements or feature enhancements. | Updating an app to a new version within Teams; Modifying app settings or configurations |
| Microsoft Teams activities | Deleted app | The activity is recorded when an app is deleted from the Microsoft Teams environment, removing it from use by team members. | Deleting an app from the Teams environment; Removing an app from the Microsoft Teams store |
| Microsoft Teams activities | Deleted all organization apps | The activity is recorded when all apps are deleted from an organization's Microsoft Teams environment, effectively removing third-party apps from use. | Deleting all installed apps from Teams for the organization; Removing all third-party applications from the Microsoft Teams environment |
| Microsoft Teams activities | Performed action on card | The activity is recorded when a user performs an action on a card within Microsoft Teams, such as interacting with a message or bot. | Interacting with a message card in Microsoft Teams; Performing an action on a bot card |
| Microsoft Teams activities | Extracted links from new message | The activity is recorded when links are extracted from a new message in Microsoft Teams, typically for reference or analysis. | Extracting URLs from a newly posted message in Teams; Collecting links shared in a team conversation |
| Microsoft Teams activities | Extracted links from edited message | The activity is recorded when links are extracted from an edited message in Microsoft Teams, reflecting any changes made to the original message. | Extracting URLs from an edited message in Teams; Collecting links from a modified team conversation |
| Microsoft Teams activities | Retrieved messages | The activity is recorded when messages are retrieved from Microsoft Teams, either through the API or in the user interface. | Retrieving messages from a specific Teams channel; Fetching team conversations through API calls |
| Microsoft Teams activities | Read a message | The activity is recorded when a user reads a message in Microsoft Teams, either from a channel or direct message. | Viewing a message in a Teams conversation; Opening a direct message to read it |
| Microsoft Teams activities | Updated a message | The activity is recorded when a message in Microsoft Teams is updated, such as when a user modifies the content of a previously sent message. | Editing a previously sent message in Teams; Updating the content of a message in a channel |
| Microsoft Teams activities | Deleted a message | The activity is recorded when a message is deleted from a Microsoft Teams conversation, removing it from the channel or chat. | Deleting a message in a Teams channel; Removing a message from a private chat |
| Microsoft Teams activities | Message read by recipient | The activity is recorded when a recipient reads a message in Microsoft Teams, indicating message engagement. | Recipient reading a message in a Teams conversation; User opening and viewing a Teams message |
| Microsoft Teams activities | User added a reaction to message | The activity is recorded when a user adds a reaction (like a thumbs-up, heart, etc.) to a message in Microsoft Teams. | Adding an emoji reaction to a Teams message; Reacting to a message with a thumbs-up in Teams |
| Microsoft Teams activities | Posted a new message | The activity is recorded when a user posts a new message in a Microsoft Teams channel or chat. | Sending a new message in a Teams channel; Posting a message to a direct chat in Teams |
| Microsoft Teams activities | Fetched all hosted content of a message | The activity is recorded when all content associated with a message, such as attachments or links, is retrieved from Microsoft Teams. | Fetching all linked content from a Teams message; Retrieving attachments and media associated with a Teams message |
| Microsoft Teams activities | Read hosted content of a message | The activity is recorded when a user reads the hosted content associated with a message in Microsoft Teams, such as viewing attachments, links, or other media. | Viewing an attachment in a message; Opening a link shared in a Teams message; Reading a document linked in a Teams conversation |
| Microsoft Teams activities | Subscribed to message change notifications | The activity is recorded when a user subscribes to receive notifications about changes to a message in Microsoft Teams. | Subscribing to receive notifications when a message is updated; Opting in for alerts on changes to a specific Teams message |
| Microsoft Teams activities | Sent change notification for message creation | The activity is recorded when a change notification is sent to users regarding the creation of a new message in Microsoft Teams. | Notifying users when a new message is posted in a channel; Alerting members about the creation of a new message |
| Microsoft Teams activities | Sent change notification for message update | The activity is recorded when a change notification is sent to users regarding an update to a message in Microsoft Teams. | Notifying users about an edited message in a Teams chat; Alerting team members when a message is updated |
| Microsoft Teams activities | Sent change notification for message deletion | The activity is recorded when a change notification is sent to users regarding the deletion of a message in Microsoft Teams. | Notifying users when a message is deleted in a Teams conversation; Sending an alert when a message is removed from Teams |
| Microsoft Teams activities | Fetched chat | The activity is recorded when a user or system fetches the contents of a chat in Microsoft Teams, typically for retrieval or analysis. | Retrieving a Teams chat from the chat history; Fetching a specific Teams conversation |
| Microsoft Teams activities | Updated a chat | The activity is recorded when a chat in Microsoft Teams is updated, either by changing its settings, participants, or content. | Updating the participants in a Teams chat; Modifying the settings of a Microsoft Teams conversation |
| Microsoft Teams activities | Created a chat | The activity is recorded when a new chat is created in Microsoft Teams, either as a direct message or a group chat. | Starting a new one-on-one chat in Teams; Creating a group conversation in Microsoft Teams |
| Microsoft Teams activities | Exported messages | The activity is recorded when messages are exported from Microsoft Teams, typically for archiving, reporting, or backup purposes. | Exporting a conversation history from a Teams channel; Saving Teams messages to an external file |
| Microsoft Teams activities | Changed setting by ConfigApi service | The activity is recorded when a setting is modified by the ConfigApi service in Microsoft Teams, affecting the configuration of a feature or service. | Modifying configuration settings through the Teams API; Changing system settings using ConfigApi |
| Microsoft Teams activities | Added details about Teams meeting | The activity is recorded when additional details are added to a Teams meeting, such as the agenda, location, or attachments. | Adding a meeting agenda to a scheduled Teams meeting; Updating meeting details for an upcoming Teams call |
| Microsoft Teams activities | Added information about meeting participants | The activity is recorded when information about participants is added to a Teams meeting, such as adding or updating attendee details. | Adding a new participant to a Teams meeting; Updating the list of participants for a scheduled Teams meeting |
| Microsoft Teams activities | Sent invitation for shared channel | The activity is recorded when an invitation to join a shared channel in Microsoft Teams is sent to users or external participants. | Sending an invitation to join a shared channel in Teams; Inviting someone to collaborate in a shared channel |
| Microsoft Teams activities | Responded to invitation for shared channel | The activity is recorded when a user responds to an invitation to join a shared channel in Microsoft Teams, either by accepting or declining the invitation. | Accepting or declining an invite to a Teams shared channel; Responding to an invitation to participate in a shared channel |
| Microsoft Teams activities | Responded to invitee response to shared channel invitation | The activity is recorded when a user responds to another user's invitation acceptance or decline for a shared channel in Microsoft Teams. | Replying to an invitee's response regarding a shared channel invitation; Confirming participation after an invitee's response |
| Microsoft Teams activities | Failed to validate invitation to shared channel | The activity is recorded when an invitation to a shared channel in Microsoft Teams fails validation, typically due to incorrect permissions or settings. | Receiving an error when validating a shared channel invitation; Failed attempt to add a participant to a shared channel due to validation failure |
| Microsoft Teams activities | Removed sharing of team channel | The activity is recorded when sharing of a team channel is removed, making the channel inaccessible to users outside the team. | Revoking external sharing of a Microsoft Teams channel; Stopping the sharing of a team channel with external users |
| Microsoft Teams activities | Restored sharing of team channel | The activity is recorded when sharing of a team channel is restored, allowing external access or sharing permissions to be re-enabled. | Re-enabling external sharing for a Teams channel; Restoring permissions for a team channel previously disabled |
| Microsoft Teams activities | Applied sensitivity label to meeting | The activity is recorded when a sensitivity label is applied to a Teams meeting, ensuring that the meeting content is protected according to organizational policies. | Applying a 'Confidential' sensitivity label to a scheduled Teams meeting; Labeling a Teams meeting as 'Highly Confidential' |
| Microsoft Teams activities | Removed sensitivity label from meeting | The activity is recorded when a sensitivity label is removed from a Teams meeting, lifting the previous content protection. | Removing the sensitivity label from a Teams meeting; Disabling content protection by removing the sensitivity label |
| Microsoft Teams activities | Changed sensitivity label for meeting | The activity is recorded when the sensitivity label for a Teams meeting is changed, adjusting the level of content protection based on organizational policies. | Changing the sensitivity label from 'Confidential' to 'Internal' for a meeting; Updating the label of a meeting to adjust its security level |
| Microsoft Teams activities | Signed out of Teams | The activity is recorded when a user signs out of Microsoft Teams, ending their active session and preventing further access until they log in again. | Logging out of Microsoft Teams on a desktop; Signing out of the Teams mobile app; Ending a Teams session on a shared device |
| Microsoft Teams activities | Exported recordings | The activity is recorded when a user exports a recording from a Teams meeting, which typically includes video and audio content of the meeting. | Downloading a recorded Teams meeting for archiving; Exporting a video recording of a Teams webinar; Saving a meeting recording from Teams to an external drive |
| Microsoft Teams activities | Exported transcripts | The activity is recorded when a user exports a transcript of a Teams meeting, which may include transcribed text from spoken conversation during the meeting. | Exporting a meeting transcript after a Teams meeting ends; Saving a transcript of a Microsoft Teams meeting for reference; Downloading a transcript for analysis or sharing |
| Microsoft Teams Shifts activities | Added scheduling group | The activity is recorded when a user adds a new scheduling group in Microsoft Teams Shifts, which is used to organize and manage shifts within a specific team or group of workers. | Creating a new scheduling group for a team; Adding a group of employees to a shift scheduling group; Organizing workers into a scheduling group for better management |
| Microsoft Teams Shifts activities | Edited scheduling group | The activity is recorded when a user or system edits an existing scheduling group in Microsoft Teams Shifts. | Changing the name or details of an existing scheduling group; Reorganizing employees within an existing scheduling group |
| Microsoft Teams Shifts activities | Deleted scheduling group | The activity is recorded when a user or system deletes a scheduling group in Microsoft Teams Shifts. | Removing a scheduling group from the Teams Shifts schedule |
| Microsoft Teams Shifts activities | Added shift | The activity is recorded when a user or system adds a shift for a specific employee or team member in Microsoft Teams Shifts. | Assigning a shift to an employee; Scheduling a work period for a team member |
| Microsoft Teams Shifts activities | Edited shift | The activity is recorded when a user or system edits an existing shift in Microsoft Teams Shifts. | Changing the start or end time of a shift; Updating shift details like location or duration |
| Microsoft Teams Shifts activities | Deleted shift | The activity is recorded when a user or system deletes a shift from Microsoft Teams Shifts. | Removing a scheduled shift from the calendar; Canceling an employee's shift |
| Microsoft Teams Shifts activities | Added time off | The activity is recorded when a user or system adds a time off request for an employee or team member in Microsoft Teams Shifts. | Scheduling an employee's day off; Adding vacation or personal time off for a team member |
| Microsoft Teams Shifts activities | Edited time off | The activity is recorded when a user or system edits a previously scheduled time off request in Microsoft Teams Shifts. | Changing the dates or details of a time off request; Updating the reason for an employee's time off |
| Microsoft Teams Shifts activities | Deleted time off | The activity is recorded when a user or system deletes a time off request in Microsoft Teams Shifts. | Removing an employee's time off request from the schedule; Canceling a planned day off |
| Microsoft Teams Shifts activities | Added open shift | The activity is recorded when a user or system adds an open shift to the schedule in Microsoft Teams Shifts. | Posting an open shift for employees to pick up; Creating a shift that is available for any employee to take |
| Microsoft Teams Shifts activities | Edited open shift | The activity is recorded when a user or system edits an existing open shift in Microsoft Teams Shifts. | Changing the details of an open shift such as time or duration; Reposting an open shift with updated information |
| Microsoft Teams Shifts activities | Deleted open shift | The activity is recorded when a user or system deletes an open shift in Microsoft Teams Shifts. | Removing an open shift from the schedule; Cancelling an open shift that was no longer needed |
| Microsoft Teams Shifts activities | Shared schedule | The activity is recorded when a user shares a schedule with a team or group of employees in Microsoft Teams Shifts. | Sharing a work schedule with a group of employees; Sending a team schedule to employees for review |
| Microsoft Teams Shifts activities | Clocked in using Time clock | The activity is recorded when a user clocks in using the Time clock feature in Microsoft Teams Shifts. | A team member clocks in to start their shift; Recording the start time of a shift for an employee |
| Microsoft Teams Shifts activities | Clocked out using Time clock | The activity is recorded when a user clocks out using the Time clock feature in Microsoft Teams Shifts. | A team member clocks out at the end of their shift; Recording the end time of a shift for an employee |
| Microsoft Teams Shifts activities | Started break using Time clock | The activity is recorded when a user starts a break using the Time clock feature in Microsoft Teams Shifts. | A team member starts their scheduled break; Recording the start time of a break during a shift |
| Microsoft Teams Shifts activities | Ended break using Time clock | The activity is recorded when a user ends a break using the Time clock feature in Microsoft Teams Shifts. | A team member ends their break and resumes their shift; Recording the end time of a break |
| Microsoft Teams Shifts activities | Added Time clock entry | The activity is recorded when a user manually adds a Time clock entry in Microsoft Teams Shifts. | Manually entering a clock-in or clock-out time; Recording shift times when the Time clock feature was not used |
| Microsoft Teams Shifts activities | Edited Time clock entry | The activity is recorded when a user edits a Time clock entry in Microsoft Teams Shifts. | Changing the time of a clock-in or clock-out entry; Correcting an error in a Time clock entry |
| Microsoft Teams Shifts activities | Deleted Time clock entry | The activity is recorded when a user deletes a Time clock entry in Microsoft Teams Shifts. | Removing an incorrect Time clock entry from the system; Deleting a clock-in or clock-out record |
| Microsoft Teams Shifts activities | Added shift request | The activity is recorded when a user adds a shift request in Microsoft Teams Shifts. | Submitting a request for a shift change; Asking for time off or a different work shift |
| Microsoft Teams Shifts activities | Responded to shift request | The activity is recorded when a user responds to a shift request in Microsoft Teams Shifts. | Approving or denying a shift request; Providing feedback on a shift request |
| Microsoft Teams Shifts activities | Canceled shift request | The activity is recorded when a user or system cancels a previously submitted shift request in Microsoft Teams Shifts. | A team member cancels a shift change request; Removing a pending request for time off or shift changes |
| Microsoft Teams Shifts activities | Changed schedule setting | The activity is recorded when a user or system changes the scheduling settings in Microsoft Teams Shifts, such as shift templates or workweek configurations. | Modifying workweek settings or shift hours; Adjusting shift templates or preferences |
| Microsoft Teams Shifts activities | Added workforce integration | The activity is recorded when a user or system integrates an external workforce management system with Microsoft Teams Shifts. | Connecting an external workforce management platform to Teams Shifts; Integrating payroll or scheduling systems into Teams Shifts |
| Microsoft Teams Shifts activities | Accepted off shift message | The activity is recorded when a user accepts an off-shift message, indicating they have acknowledged a shift change or time-off request in Microsoft Teams Shifts. | A team member accepts a shift swap or off-time request; Acknowledging a request for time off or shift change |
| Dynamics 365 activities | Accessed out-of-box entity (deprecated) | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Dynamics 365 activities | Accessed custom entity (deprecated) | The activity is recorded when a user or system accesses a custom entity in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a custom entity in read-only mode; Previewing a custom entity; Viewing a custom entity; Accessing a custom entity through an API call or automated process; Downloading a custom entity from its original location |
| Dynamics 365 activities | Accessed admin entity (deprecated) | The activity is recorded when a user or system accesses an admin entity in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening an admin entity in read-only mode; Previewing an admin entity; Viewing an admin entity; Accessing an admin entity through an API call or automated process; Downloading an admin entity from its original location |
| Dynamics 365 activities | Performed bulk actions (deprecated) | The activity is recorded when a user or system performs bulk actions, such as bulk editing, deleting, or updating entities in a supported platform. | Performing bulk edits on multiple records; Bulk deleting multiple records; Bulk updating multiple records |
| All Dynamics 365 activities | Accessed Dynamics 365 admin center (deprecated) | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| All Dynamics 365 activities | Accessed internal management tool (deprecated) | The activity is recorded when a user or system accesses an internal management tool in a supported platform, without making changes to the content. | Opening an internal management tool; Viewing information in the internal management tool; Accessing a file or tool through an API call |
| All Dynamics 365 activities | Signed in or out (deprecated) | The activity is recorded when a user signs in or out of a system or service, typically tracked in Dynamics 365 or a similar platform. | Signing into a system; Signing out of a system |
| All Dynamics 365 activities | Activated process or plug-in (deprecated) | The activity is recorded when a user or system activates a process or plug-in in a supported platform, typically used to initiate workflows or other actions. | Activating a plug-in; Triggering a process or workflow |
| Power Automate activities | Created flow | The activity is recorded when a user or system creates a flow in Power Automate, which automates tasks across various applications and services. | Creating a new flow to automate tasks; Setting up a trigger and actions in a flow; Creating a flow using pre-built templates; Automating notifications, approvals, or data syncing |
| Power Automate activities | Edited flow | The activity is recorded when a user or system edits an existing flow in Power Automate, making changes to its triggers, actions, or configurations. | Modifying a flow's trigger or action; Updating flow conditions or logic; Changing the destination of data within a flow |
| Power Automate activities | Deleted flow | The activity is recorded when a user or system deletes an existing flow in Power Automate. | Removing a flow from Power Automate; Deleting an automated workflow; Clearing outdated flows from the system |
| Power Automate activities | Edited flow permissions | The activity is recorded when a user or system updates the permissions associated with a flow in Power Automate, controlling who can access or modify it. | Changing user or group permissions for a flow; Granting or revoking access to a flow for specific users; Updating flow sharing settings |
| Power Automate activities | Deleted flow permissions | The activity is recorded when a user or system deletes the permissions associated with a flow in Power Automate. | Revoking access permissions for a flow; Removing shared access to a flow |
| Power Automate activities | Started a Flow paid trial | The activity is recorded when a user starts a paid trial for Power Automate, gaining access to premium features and functionalities for a limited time. | Activating a paid trial for Power Automate; Enabling premium features within a Flow trial |
| Power Automate activities | Renewed a Flow paid trial | The activity is recorded when a user renews an active paid trial for Power Automate, extending access to premium features. | Extending a Power Automate trial period; Renewing premium access to Power Automate features |
| PowerApps app activities | Created app | The activity is recorded when a user or system creates a new app in PowerApps, either from scratch or by using a template, for use within an organization. | Building a new app from a template in PowerApps; Creating a custom app to automate processes; Designing an app to collect data or provide services |
| PowerApps app activities | Edited app | The activity is recorded when a user or system edits an existing app in PowerApps. | Modifying an app's layout; Changing the app's data sources; Updating app functionalities |
| PowerApps app activities | Launched app | The activity is recorded when a user or system launches an app in PowerApps for the first time or at any subsequent use. | Opening the app in PowerApps; Running an app on mobile or web; Initiating the app for data input or processing |
| PowerApps app activities | Marked app as Hero | The activity is recorded when a user marks an app as Hero within PowerApps to highlight it. | Pinning an app to the homepage as a Hero app; Highlighting an app as featured for easier access |
| PowerApps app activities | Marked app as Featured | The activity is recorded when a user marks an app as Featured within PowerApps for easy visibility. | Setting an app to be visible as a Featured app; Promoting an app for high-priority visibility |
| PowerApps app activities | Edited app permission | The activity is recorded when a user or system modifies the permissions for a PowerApps app. | Changing the access level of a user to the app; Updating app permissions to restrict or grant access |
| PowerApps app activities | Deleted app permission | The activity is recorded when a user or system removes a permission from an app in PowerApps. | Revoking access rights from an app; Removing user access permissions to the app |
| PowerApps app activities | Restored app version | The activity is recorded when a previous version of an app is restored in PowerApps. | Rolling back an app to a previous version; Reverting changes made to an app |
| Power Platform activities | PowerPlatform connector events | The activity is recorded when there are actions related to PowerPlatform connectors, such as creation, editing, or deletion. | Creating a new connector for an app; Editing a connector to update data sources; Deleting an outdated connector |
| Power Platform activities | API created | The activity is recorded when a new API is created for Power Platform. | Creating a new custom API in Power Platform; Defining an API for app integration |
| Power Platform activities | API edited | The activity is recorded when an existing API is edited in Power Platform. | Modifying the structure or functionality of an API; Updating API endpoints |
| Power Platform activities | API deleted | The activity is recorded when an API is deleted from Power Platform. | Removing an outdated API; Deleting a no longer needed API |
| Power Platform activities | Connection created or edited | The activity is recorded when a new connection is created or an existing connection is edited in Power Platform. | Creating a new data connection; Editing connection settings for an app |
| Power Platform activities | Connection edited | The activity is recorded when an existing connection is edited in Power Platform. | Changing the configuration of an established connection; Modifying connection credentials |
| Power Platform activities | Connection deleted | The activity is recorded when a connection is deleted from Power Platform. | Removing an unused connection; Deleting a broken or obsolete connection |
| Power Platform activities | API made solution-aware | The activity is recorded when an API is made solution-aware, enabling it to be included in solutions for Power Platform apps. | Making an API solution-aware for inclusion in solutions; Enabling solution management features for an API |
| Power Platform activities | API permission added or edited | The activity is recorded when API permissions are added or edited in Power Platform. | Granting permissions for an API; Modifying existing API permissions |
| Power Platform activities | API permission removed | The activity is recorded when API permissions are removed in Power Platform. | Revoking access permissions for an API; Removing unnecessary API permissions |
| Power Platform activities | Connection permission added or edited | The activity is recorded when connection permissions are added or edited in Power Platform. | Granting permissions for a connection; Modifying connection access rights |
| Power Platform activities | Connection permission removed | The activity is recorded when connection permissions are removed in Power Platform. | Revoking a user's connection permissions; Removing outdated connection permissions |
| Power Platform activities | Gateway cluster edited | The activity is recorded when a gateway cluster is edited in Power Platform. | Changing settings in a gateway cluster; Modifying a gateway cluster configuration |
| Power Platform activities | Gateway permission added or edited | The activity is recorded when a gateway permission is added or edited in Power Platform. | Granting or editing gateway permissions; Modifying gateway access rights |
| Power Platform activities | Gateway permission removed | The activity is recorded when a gateway permission is removed in Power Platform. | Revoking gateway permissions; Removing unnecessary gateway permissions |
| Retrieving data. Wait a few seconds and try to cut or copy again. | Updated Lockbox access request | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Retrieving data. Wait a few seconds and try to cut or copy again. | Performed Lockbox command | The activity is recorded when a user or system performs a Lockbox command, typically related to retrieving or managing data access requests in a secure environment. | Initiating a Lockbox access request; Performing an action on a secure data request; Processing a Lockbox request via API; Triggering Lockbox commands in a secure environment |
| Microsoft Stream video activities | Created video | The activity is recorded when a user or system creates a video, typically in a platform like Microsoft Stream, where the video is uploaded or created for the purpose of sharing or viewing. | Uploading a video to Microsoft Stream; Creating a video for sharing on the platform; Recording a new video and saving it on Microsoft Stream; Initiating video creation in Microsoft Stream |
| Microsoft Stream video activities | Edited video | The activity is recorded when a user or system edits a video in a supported platform, typically within Microsoft Stream. | Modifying the content of an uploaded video; Editing the metadata or details of a video; Adjusting the settings or captions for a video |
| Microsoft Stream video activities | Deleted video | The activity is recorded when a user or system deletes a video from a supported platform like Microsoft Stream. | Removing a video from the platform; Deleting a shared or private video; Permanently deleting a video file |
| Microsoft Stream video activities | Uploaded video | The activity is recorded when a user uploads a video to a platform like Microsoft Stream. | Uploading a new video file to the platform; Adding a video to a team or group |
| Microsoft Stream video activities | Downloaded video | The activity is recorded when a user or system downloads a video from a platform like Microsoft Stream. | Downloading a video for offline viewing; Saving a video to a local storage location |
| Microsoft Stream video activities | Edited video permission | The activity is recorded when a user or system edits the permissions associated with a video in Microsoft Stream. | Changing who has access to a video; Updating sharing settings for a video |
| Microsoft Stream video activities | Viewed video | The activity is recorded when a user or system views a video in a supported platform, such as Microsoft Stream. | Watching a video in a team channel; Viewing a video shared by a colleague |
| Microsoft Stream video activities | Shared video | The activity is recorded when a user shares a video with others in a platform like Microsoft Stream. | Sharing a video with a group or team; Sending a video link to others for viewing |
| Microsoft Stream video activities | Liked video | The activity is recorded when a user likes a video in a supported platform like Microsoft Stream. | Liking a video to show appreciation; Reacting positively to a video |
| Microsoft Stream video activities | Unliked video | The activity is recorded when a user removes their like from a video in Microsoft Stream. | Unliking a video that was previously liked; Changing a reaction to a video |
| Microsoft Stream video activities | Commented on video | The activity is recorded when a user adds a comment on a video in Microsoft Stream. | Leaving a comment on a video; Adding feedback or thoughts on a video |
| Microsoft Stream video activities | Deleted video comment | The activity is recorded when a user deletes a comment from a video in Microsoft Stream. | Removing a comment previously made on a video; Deleting a feedback comment from a video |
| Microsoft Stream video activities | Uploaded video text track | The activity is recorded when a user uploads a text track (e.g., captions or subtitles) for a video in Microsoft Stream. | Adding subtitles or captions to a video; Uploading a new language track for a video |
| Microsoft Stream video activities | Deleted video text track | The activity is recorded when a user deletes a text track (e.g., captions or subtitles) from a video in Microsoft Stream. | Removing subtitles or captions from a video; Deleting a specific language track from a video |
| Microsoft Stream video activities | Uploaded video thumbnail | The activity is recorded when a user uploads a thumbnail for a video in Microsoft Stream. | Changing the thumbnail image for a video; Uploading a custom thumbnail for a video |
| Microsoft Stream video activities | Deleted video thumbnail | The activity is recorded when a user deletes a thumbnail from a video in Microsoft Stream. | Removing the thumbnail image from a video; Deleting a custom video thumbnail |
| Microsoft Stream video activities | Replaced video permissions and channel links | The activity is recorded when a user replaces the permissions or changes the channel links for a video in Microsoft Stream. | Updating the permissions or access settings for a video; Changing the associated channel for a video |
| Microsoft Stream video activities | Marked video public | The activity is recorded when a user changes a video's visibility to public in Microsoft Stream. | Making a video accessible to everyone; Changing the privacy setting of a video to public |
| Microsoft Stream video activities | Marked video private | The activity is recorded when a user changes a video's visibility to private in Microsoft Stream. | Making a video accessible only to selected individuals; Changing the privacy setting of a video to private |
| Microsoft Stream group channel activities | Edited group | The activity is recorded when a user or system modifies a group within a supported platform, such as Microsoft Stream, impacting the group or channel's settings or permissions. | Changing the name of a group or channel; Modifying the group's description or details; Updating the privacy settings of the group or channel; Adding or removing members from the group; Changing the group's permissions |
| Microsoft Stream group channel activities | Edited group memberships | The activity is recorded when a user or system modifies the membership of a group within a supported platform, such as adding or removing members. | Adding a new member to a group; Removing a member from a group; Changing the role of a member within the group; Updating permissions for group members |
| Microsoft Stream group channel activities | Created channel | The activity is recorded when a new channel is created within a supported platform, such as Microsoft Stream, for organizing content. | Creating a new channel for content sharing; Setting up a channel for a specific topic or team; Assigning privacy settings to the new channel |
| Microsoft Stream group channel activities | Edited channel | The activity is recorded when a user or system modifies the details or settings of an existing channel within a supported platform. | Changing the name or description of a channel; Modifying the privacy settings or permissions of a channel; Adding or removing content from the channel |
| Microsoft Stream group channel activities | Deleted a channel | The activity is recorded when a channel is deleted within a supported platform, such as Microsoft Stream. | Removing a channel from the platform; Deleting a channel that is no longer needed; Removing all content associated with the deleted channel |
| Microsoft Stream group channel activities | Replaced channel thumbnails | The activity is recorded when a user or system replaces the thumbnail image for a channel within a supported platform. | Updating the thumbnail image for a channel; Changing the visual representation of a channel; Replacing the channel's cover image |
| Microsoft Stream general activities | Edited user settings | The activity is recorded when a user or system modifies the settings for a user within a supported platform, such as Microsoft Stream, including personal settings and preferences. | Changing user preferences or settings; Modifying notification settings; Updating account details or privacy preferences; Changing language or accessibility options |
| Microsoft Stream general activities | Edited user settings | The activity is recorded when a user or system modifies the settings for a user within a supported platform, such as Microsoft Stream, including personal settings and preferences. | Changing user preferences or settings; Modifying notification settings; Updating account details or privacy preferences; Changing language or accessibility options |
| Microsoft Stream general activities | Edited tenant settings | The activity is recorded when a user or system modifies the tenant settings within a supported platform, such as Microsoft Stream or related services. | Changing global configuration or settings for the tenant; Updating privacy or security policies at the tenant level; Modifying organizational settings for service usage |
| Microsoft Stream general activities | Edited global role members | The activity is recorded when a user or system adds or removes users from global roles in the platform, granting them specific permissions or access. | Adding a user to a global role; Removing a user from a global role; Modifying role assignments for administrative purposes |
| Microsoft Stream general activities | Deleted user's data report | The activity is recorded when a user or system deletes a data report that belongs to a specific user, removing sensitive or audit information. | Deleting a data report generated for a user; Removing logs or audit trails related to user data |
| Microsoft Stream general activities | Edited user | The activity is recorded when a user or system makes changes to a user's profile or permissions, including updates to user details or role assignments. | Changing user information like name, email, or role; Updating a user's permissions or access rights |
| Microsoft Stream general activities | Exported user's data report | The activity is recorded when a user or system exports a data report related to a specific user, which may include usage data, permissions, or activity logs. | Exporting usage or activity reports for a specific user; Downloading reports with user-specific data for audit or analysis |
| Microsoft Stream general activities | Downloaded user's data report | The activity is recorded when a user or system downloads a data report related to a specific user, containing sensitive information such as usage, permissions, or activity logs. | Downloading an export of a user's activity or usage data; Fetching reports related to a user's permissions or history |
| Content explorer activities | Accessed item | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Quarantine activities | Previewed Quarantine message | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Quarantine activities | Deleted Quarantine message | The activity is recorded when a user or system deletes a quarantined message from the Quarantine. | Deleting a quarantined message from Quarantine; Removing a quarantined message from the Quarantine folder |
| Quarantine activities | Released Quarantine message | The activity is recorded when a quarantined message is released from the Quarantine by a user or system. | Releasing a quarantined message; Restoring a quarantined message to its original location |
| Quarantine activities | Requested to release quarantined message | The activity is recorded when a user requests the release of a quarantined message. | Requesting to release a quarantined message from Quarantine; Submitting a release request for a quarantined message |
| Quarantine activities | Denied to release quarantined message | The activity is recorded when a request to release a quarantined message is denied. | Denial of a request to release a quarantined message; Rejecting the release of a quarantined message |
| Quarantine activities | Exported Quarantine message | The activity is recorded when a user exports a quarantined message for further analysis or action. | Exporting a quarantined message; Downloading a quarantined message to an external location |
| Quarantine activities | Viewed Quarantine message's header | The activity is recorded when a user views the header of a quarantined message. | Viewing the header information of a quarantined message; Accessing metadata for a quarantined message |
| Customer Key Service Encryption activities | Fallback to Availability Key | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Microsoft Forms activities | Edited form | The activity is recorded when a user or system edits a form in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems). | Changing form title; Editing form questions; Modifying form settings |
| Microsoft Forms activities | Moved form | The activity is recorded when a user or system moves a form from one location to another. | Moving a form to a different folder; Relocating form to another team or site |
| Microsoft Forms activities | Deleted form | The activity is recorded when a user or system deletes a form. | Removing a form from the system; Deleting form permanently |
| Microsoft Forms activities | Viewed form | The activity is recorded when a user or system views a form in a supported platform. | Opening a form for viewing; Previewing a form |
| Microsoft Forms activities | Previewed form | The activity is recorded when a user or system previews a form without making any edits. | Viewing a form as a participant; Testing a form |
| Microsoft Forms activities | Exported form | The activity is recorded when a user or system exports a form's data or structure. | Exporting form responses to Excel; Downloading form data |
| Microsoft Forms activities | Allowed share form for copy | The activity is recorded when a user or system allows a form to be shared for copy. | Allowing others to copy the form; Enabling form duplication |
| Microsoft Forms activities | Disallowed share form for copy | The activity is recorded when a user or system disables sharing a form for copy. | Disabling form copying; Revoking permission to copy the form |
| Microsoft Forms activities | Added form co-author | The activity is recorded when a user adds a co-author to a form. | Adding someone as a co-author of the form; Inviting a colleague to collaborate on a form |
| Microsoft Forms activities | Removed form co-author | The activity is recorded when a user removes a co-author from a form. | Revoking co-author permissions; Removing a collaborator from the form |
| Microsoft Forms activities | Viewed response page | The activity is recorded when a user or system views the response page of a form. | Viewing responses to a form; Accessing the response summary page |
| Microsoft Forms activities | Created response | The activity is recorded when a user or system creates a new response to a form. | Submitting an answer to a form; Filling out a form |
| Microsoft Forms activities | Updated response | The activity is recorded when a user or system updates a previously submitted response to a form. | Modifying an answer to a form; Changing a submitted response |
| Microsoft Forms activities | Deleted all responses | The activity is recorded when a user or system deletes all responses to a form. | Deleting all submitted responses; Clearing response data |
| Microsoft Forms activities | Deleted response | The activity is recorded when a user or system deletes a specific response to a form. | Deleting an individual response to a form; Removing a response submission |
| Microsoft Forms activities | Viewed responses | The activity is recorded when a user or system views all responses to a form. | Accessing a list of all responses to a form; Viewing response summaries |
| Microsoft Forms activities | Viewed response | The activity is recorded when a user or system views an individual response to a form. | Opening a specific response to a form; Viewing individual form submissions |
| Microsoft Forms activities | Created summary link | The activity is recorded when a user creates a summary link for a form's responses. | Creating a public summary link for form responses; Sharing a summary of form responses via link |
| Microsoft Forms activities | Deleted summary link | The activity is recorded when a user deletes a summary link for a form's responses. | Deleting the summary link for a form; Revoking access to form response summary |
| Microsoft Forms activities | Updated form phishing status | The activity is recorded when a user or system updates the phishing status of a form. | Marking a form as phishing; Changing a form's phishing status |
| Microsoft Forms activities | Updated user phishing status | The activity is recorded when a user or system updates the phishing status of a user. | Marking a user as phishing; Changing a user's phishing status |
| Microsoft Forms activities | Sent Forms Pro invitation | The activity is recorded when a user or system sends an invitation for Forms Pro. | Inviting a user to collaborate on Forms Pro; Sending a request to access Forms Pro |
| Microsoft Forms activities | Updated form setting | The activity is recorded when a user or system updates the settings of a form. | Changing form permissions; Modifying form options |
| Microsoft Forms activities | Updated user setting | The activity is recorded when a user or system updates a user’s settings in a form or platform. | Changing user preferences for form responses; Modifying user permissions |
| Microsoft Forms activities | Listed forms | The activity is recorded when a user or system lists the forms available in a platform. | Viewing a list of all forms; Browsing through available forms |
| Microsoft Forms activities | Submitted response | The activity is recorded when a user or system submits a response to a form. | Submitting answers to a form; Filling out and sending a form |
| Microsoft Forms activities | Enabled anyone can respond setting | The activity is recorded when a user or system enables the setting allowing anyone to respond to a form. | Enabling open access to a form for all users; Allowing anyone to submit responses to a form |
| Microsoft Forms activities | Disabled anyone can respond setting | The activity is recorded when a user or system disables the setting allowing anyone to respond to a form. | Disabling open access to a form; Restricting form access to specific responders |
| Microsoft Forms activities | Enabled specific people can respond setting | The activity is recorded when a user or system enables the setting to restrict form responses to specific people. | Allowing only specific users or groups to respond to a form; Enabling restricted access to a form |
| Microsoft Forms activities | Disabled specific people can respond setting | The activity is recorded when a user or system disables the setting that restricts form responses to specific people. | Removing restrictions on form responses; Allowing anyone to respond to the form |
| Microsoft Forms activities | Added specific responder | The activity is recorded when a user adds a specific responder to a form. | Adding a specific person or group to the list of allowed responders; Granting access to a form for a specific individual |
| Microsoft Forms activities | Removed specific responder | The activity is recorded when a user removes a specific responder from a form. | Revoking access to a form for a specific individual; Removing a user from the list of allowed responders |
| Microsoft Forms activities | Disabled collaboration | The activity is recorded when a user or system disables collaboration features on a form. | Turning off collaboration features; Disabling co-authoring on a form |
| Microsoft Forms activities | Enabled Office 365 work or school account collaboration | The activity is recorded when a user enables collaboration using Office 365 work or school accounts. | Allowing collaboration from Office 365 accounts; Inviting work or school accounts to collaborate on a form |
| Microsoft Forms activities | Enabled people in my organization collaboration | The activity is recorded when a user enables collaboration for people within their organization. | Allowing only users within the organization to collaborate; Enabling organization-wide collaboration on a form |
| Microsoft Forms activities | Enabled specific people collaboration | The activity is recorded when a user enables collaboration for specific individuals or groups. | Inviting selected people to collaborate on a form; Restricting form collaboration to specific users |
| Microsoft Forms activities | Connected to Excel workbook | The activity is recorded when a user connects a form to an Excel workbook for data storage or analysis. | Linking a form to an Excel workbook; Enabling Excel integration for form responses |
| Microsoft Forms activities | Created a collection | The activity is recorded when a user creates a new collection of forms. | Creating a new form collection; Organizing forms into a collection |
| Microsoft Forms activities | Updated a collection | The activity is recorded when a user updates an existing collection of forms. | Editing a collection's name or content; Adding or removing forms from a collection |
| Microsoft Forms activities | Deleted collection from the Recycle Bin | The activity is recorded when a user deletes a collection from the Recycle Bin. | Permanently deleting a collection from the Recycle Bin; Clearing a collection from deleted items |
| Microsoft Forms activities | Moved collection to the Recycle Bin | The activity is recorded when a user moves a collection to the Recycle Bin. | Deleting a collection by moving it to the Recycle Bin; Soft-deleting a collection |
| Microsoft Forms activities | Renamed a collection | The activity is recorded when a user renames an existing collection. | Changing the name of a form collection; Renaming a form group |
| Microsoft Forms activities | Moved a form into collection | The activity is recorded when a user or system moves a form into a collection. | Organizing a form into a specific collection; Adding a form to a form collection |
| Microsoft Forms activities | Moved a form out of collection | The activity is recorded when a user or system moves a form out of a collection. | Removing a form from a collection; Organizing a form outside of its current collection |
| Sensitivity label activities | Applied sensitivity label to site | The activity is recorded when a user or system applies a sensitivity label to a site. | Applying a sensitivity label to a site; Assigning a classification label to a site; Labeling a site with a defined security level |
| Sensitivity label activities | Removed sensitivity label from site | The activity is recorded when a user or system removes a sensitivity label from a site. | Removing a sensitivity label from a site; Unassigning a classification label from a site |
| Sensitivity label activities | Changed sensitivity label on a site | The activity is recorded when a user or system changes the sensitivity label applied to a site. | Changing the sensitivity label on a site; Updating the classification label applied to a site |
| Sensitivity label activities | Applied sensitivity label to file | The activity is recorded when a user or system applies a sensitivity label to a file. | Applying a sensitivity label to a file; Labeling a file with a classification or security level |
| Sensitivity label activities | Changed sensitivity label applied to file | The activity is recorded when a user or system changes the sensitivity label applied to a file. | Changing the sensitivity label on a file; Updating the classification label applied to a file |
| Sensitivity label activities | Removed sensitivity label from file | The activity is recorded when a user or system removes a sensitivity label from a file. | Removing a sensitivity label from a file; Unassigning a classification label from a file |
| Skype for Business cmdlet activities | Set tenant federation | The activity is recorded when a user or system sets the federation settings for a tenant in Skype for Business, allowing external communications with other organizations or services. | Configuring federation settings for external communication in Skype for Business; Setting up tenant federation for partner organizations; Allowing Skype for Business federation with external domains |
| Search activities | Performed email search | The activity is recorded when a user or system performs a search to locate specific emails within an email platform, such as Outlook or Exchange. | Searching for emails by sender, subject, or keywords; Performing an advanced search to filter emails by date range; Running a search query in the email system to locate a specific message |
| Search activities | Performed SharePoint search | The activity is recorded when a user or system performs a search to locate specific content, such as documents, lists, or sites, within SharePoint. | Searching for documents by title or content in SharePoint; Running a query to find specific sites or lists in SharePoint; Using filters to narrow down SharePoint search results |
| Microsoft Threat Intelligence activities | Attempted to compromise accounts | The activity is recorded when a user or system attempts to compromise accounts, such as through phishing, brute force attacks, or other malicious activities. | Attempting to gain unauthorized access to user accounts; Executing phishing attempts to steal credentials; Attempting to bypass authentication or security measures |
| Microsoft Teams approvals activities | Created new approval request | The activity is recorded when a user or system creates a new approval request in Microsoft Teams or other connected systems. | Creating an approval request for a document; Initiating a workflow that requires approval; Submitting a request for team or project approval |
| Microsoft Teams approvals activities | Viewed approval request details | The activity is recorded when a user views the details of an approval request in Microsoft Teams or other connected systems. | Viewing the details of an approval request; Checking the status of an approval request; Reviewing the content attached to an approval request |
| Microsoft Teams approvals activities | Approved approval request | The activity is recorded when a user approves an approval request in Microsoft Teams or other connected systems. | Approving a document for review; Giving final approval on a request; Approving an action in a workflow |
| Microsoft Teams approvals activities | Rejected approval request | The activity is recorded when a user rejects an approval request in Microsoft Teams or other connected systems. | Rejecting a document for review; Declining a request in a workflow; Disapproving an action or request |
| Microsoft Teams approvals activities | Canceled approval request | The activity is recorded when an approval request is canceled by the user or system in Microsoft Teams or other connected systems. | Cancelling an approval request; Removing a pending approval from a workflow; Stopping an approval process before completion |
| Microsoft Teams approvals activities | Shared approval request | The activity is recorded when an approval request is shared with others in Microsoft Teams or other connected systems. | Sharing an approval request with another team member; Forwarding an approval request for review; Sharing approval request details with stakeholders |
| Microsoft Teams approvals activities | File attached to approval request | The activity is recorded when a file is attached to an approval request in Microsoft Teams or other connected systems. | Attaching a document to an approval request; Adding a file to be reviewed in the approval process; Including supporting documentation in an approval request |
| Microsoft Teams approvals activities | Reassigned approval request | The activity is recorded when an approval request is reassigned to a different user in Microsoft Teams or other connected systems. | Reassigning an approval request to another user; Transferring responsibility for an approval request; Changing the assigned user for an approval request |
| Microsoft Teams approvals activities | Added e-signature to approval request | The activity is recorded when an e-signature is added to an approval request in Microsoft Teams or other connected systems. | Signing an approval request electronically; Adding an e-signature to approve a document; Including a digital signature on an approval request |
| Microsoft Teams approvals activities | Created org-wide approval template | The activity is recorded when an organization-wide approval template is created in Microsoft Teams or other connected systems. | Creating an approval template for the entire organization; Setting up an org-wide approval workflow; Designing a universal approval template |
| Microsoft Teams approvals activities | Edited org-wide approval template | The activity is recorded when an organization-wide approval template is edited in Microsoft Teams or other connected systems. | Updating the content of an org-wide approval template; Modifying an organization-wide approval process; Editing approval workflow settings for the organization |
| Microsoft Teams approvals activities | Created team-scoped approval template | The activity is recorded when a team-scoped approval template is created in Microsoft Teams or other connected systems. | Creating a team-specific approval template; Designing a template for team approvals; Setting up a team-focused approval workflow |
| Microsoft Teams approvals activities | Edited team-scoped approval template | The activity is recorded when a team-scoped approval template is edited in Microsoft Teams or other connected systems. | Modifying a team-specific approval template; Updating the approval settings for a team; Editing team-focused approval processes |
| Microsoft Teams approvals activities | Viewed org-wide approval template details | The activity is recorded when a user views the details of an organization-wide approval template in Microsoft Teams or other connected systems. | Viewing the details of an organization-wide approval template; Reviewing the settings of an org-wide approval workflow; Checking the parameters of an org-wide approval process |
| Microsoft Teams approvals activities | Viewed team-scoped approval template details | The activity is recorded when a user views the details of a team-scoped approval template in Microsoft Teams or other connected systems. | Viewing the details of a team-specific approval template; Checking the settings of a team-focused approval workflow; Reviewing the parameters of a team-scoped approval process |
| Microsoft Teams Updates activities | Create an update request | The activity is recorded when a user or system creates an update request in Microsoft Teams or other connected systems. | Creating a new update request for a document; Initiating a request for an update in a workflow; Requesting an update on a file in a collaborative environment |
| Microsoft Teams Updates activities | Create an update request | The activity is recorded when a user or system creates an update request in Microsoft Teams or other connected systems. | Creating a new update request for a document; Initiating a request for an update in a workflow; Requesting an update on a file in a collaborative environment |
| Microsoft Teams Updates activities | Edit an update request | The activity is recorded when a user or system edits an existing update request in Microsoft Teams or other connected systems. | Changing the details or deadline of an update request; Modifying the content or requirements of an update request; Editing a previously submitted update request |
| Microsoft Teams Updates activities | Submit an update | The activity is recorded when a user or system submits an update in response to an update request in Microsoft Teams or other connected systems. | Submitting a file update as part of a request; Sending the requested update for review or approval; Completing and submitting a requested update to a project or document |
| Microsoft Teams Updates activities | View the details of one update | The activity is recorded when a user or system views the details of a specific update request in Microsoft Teams or other connected systems. | Viewing the status or details of an update request; Reviewing the updates provided for a document or file; Inspecting the submitted response to an update request |
| Device activities | Printed file | The activity is recorded when a user or system prints a file from a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems). | Printing a document from SharePoint Online; Sending a file to a printer from OneDrive for Business; Using a printing service to print a file accessed in Teams; Printing a file through a connected API |
| File access activities | Read file | The activity is recorded when a user or system opens and reads a file from a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems). | Opening and reading a file from SharePoint Online; Accessing and reading a file stored in OneDrive for Business; Opening a document in Teams and reading it; Opening a file for viewing without making edits |
| Device activities | Captured screen | The activity is recorded when a user or system captures a screenshot of a file or screen from a supported platform. | Taking a screenshot of a document in SharePoint; Capturing a screen while previewing a file in OneDrive for Business; Using screen capture tools to capture a file displayed in Teams |
| Device activities | Copied file to removable media | The activity is recorded when a file is copied from a supported platform to a removable media device. | Copying a file from SharePoint Online to a USB drive; Transferring a document from OneDrive for Business to a removable disk; Moving a file from Teams to an external hard drive |
| Device activities | Copied file to network share | The activity is recorded when a file is copied from a supported platform to a network share location. | Copying a file from SharePoint Online to a network share; Transferring a document from OneDrive for Business to a shared network folder; Moving a file from Teams to a company file server |
| File interaction activities | Copied file to clipboard | The activity is recorded when a user copies a file to the clipboard from a supported platform. | Copying a file from SharePoint Online to the clipboard; Using the clipboard to copy a file from OneDrive for Business; Copying a document from Teams to clipboard for pasting |
| Cloud activities | Uploaded file to cloud | The activity is recorded when a user uploads a file from a local or network location to a cloud storage service. | Uploading a document from a local machine to SharePoint Online; Transferring a file from a network drive to OneDrive for Business; Uploading a file to Teams or a cloud-based file storage platform |
| Security activities | File accessed by an unallowed application | The activity is recorded when a file is accessed by an application that is not authorized to interact with it. | Accessing a file from SharePoint Online through an unapproved third-party app; Opening a document in OneDrive for Business with an unsupported application; Attempting to view a file from Teams using an unrecognized or unauthorized software |
| Microsoft Defender for Endpoint settings activities | Downloaded offboarding package | The activity is recorded when a user or system downloads an offboarding package, which is typically a collection of files containing information related to the offboarding process, from a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems). | Downloading a document containing offboarding instructions from SharePoint Online; Retrieving an offboarding package file from OneDrive for Business; Downloading a file from Teams that contains user offboarding details; Accessing and downloading a file from an automated process |
| Microsoft Defender for Endpoint settings activities | Downloaded onboarding package | The activity is recorded when a user or system downloads an onboarding package, which typically includes files containing information related to the onboarding process, from a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems). | Downloading an onboarding package from SharePoint Online; Retrieving an onboarding package file from OneDrive for Business; Downloading a file containing onboarding details from Teams; Accessing and downloading a file from an automated process |
| Data management activities | Changed data retention | The activity is recorded when a user or system changes the data retention settings for a file, folder, or other data objects, which may involve modifying how long content is kept before being deleted or archived. | Changing the retention policy of a document in SharePoint; Updating data retention settings for files in OneDrive; Modifying retention rules for Teams files |
| Configuration activities | Set advanced features | The activity is recorded when a user or system configures advanced features or settings for a service or application, often related to security, compliance, or management features. | Setting advanced features in Microsoft Teams; Configuring advanced compliance settings in SharePoint Online; Enabling advanced management features in OneDrive |
| Role management activities | Added role | The activity is recorded when a user or system adds a role to a user or group, granting them specific permissions within an application or service. | Adding a user to a role in SharePoint Online; Assigning a role to a user in Microsoft Teams; Granting permissions to a group in OneDrive |
| Role management activities | Edited role | The activity is recorded when a user or system edits a role, such as changing the permissions or access levels associated with that role within an application or service. | Editing a user role in SharePoint Online; Modifying permissions for a role in Microsoft Teams; Adjusting access levels for a role in OneDrive |
| Role management activities | Deleted role | The activity is recorded when a user or system deletes a role, removing it from an application or service, and revoking any permissions associated with that role. | Deleting a role in SharePoint Online; Removing a role from Microsoft Teams; Revoking access for a role in OneDrive |
| Security activities | Added indicator | The activity is recorded when a user or system adds an indicator, which may refer to a marker, tag, or signal used for categorizing or identifying content or events. | Adding an indicator to a file for security monitoring; Marking a file with an indicator in SharePoint Online; Creating an indicator for flagged content in Microsoft Teams |
| Security activities | Edited indicator | The activity is recorded when a user or system edits an indicator, such as modifying its properties, categories, or settings within an application or service. | Editing an indicator associated with a file in SharePoint; Changing the category of an indicator in Microsoft Teams; Modifying security indicators for flagged content in OneDrive |
| Security activities | Deleted indicator | The activity is recorded when a user or system deletes an indicator, removing it from an application or service and eliminating any categorization or flagging previously associated with it. | Deleting an indicator from a document in SharePoint; Removing a security indicator in Microsoft Teams; Revoking an indicator associated with content in OneDrive |
| Microsoft 365 Defender advanced hunting activities | Created custom detection | The activity is recorded when a user creates a custom detection rule in Microsoft 365 Defender to generate alerts based on advanced hunting queries and tailored conditions. | Creating a detection rule to alert on unusual login patterns; Setting up a custom detection for PowerShell activity; Generating alerts from an advanced hunting query |
| Microsoft 365 Defender advanced hunting activities | Edited custom detection | The activity is recorded when a user modifies an existing custom detection rule in Microsoft 365 Defender to update conditions, query logic, or alert configurations. | Changing the query in a custom detection rule; Updating severity level for triggered alerts; Adjusting the scope or conditions of the rule |
| Microsoft 365 Defender advanced hunting activities | Changed detection rule status | The activity is recorded when a user enables or disables a custom detection rule in Microsoft 365 Defender. | Disabling a detection rule temporarily; Enabling a previously disabled rule; Pausing rules for maintenance or review |
| Microsoft 365 Defender advanced hunting activities | Ran custom detection | The activity is recorded when a custom detection rule is executed manually or automatically in Microsoft 365 Defender. | Manually triggering a rule to test it; Running rules on a schedule; Validating detection logic against recent data |
| Microsoft 365 Defender advanced hunting activities | Deleted detection rule | The activity is recorded when a user permanently deletes a custom detection rule from Microsoft 365 Defender. | Removing outdated or unnecessary detection logic; Cleaning up unused rules; Deleting test detection rules |
| Microsoft Defender for Endpoint response activities | Ran antivirus scan | The activity is recorded when a user or system initiates an antivirus scan on a device through Microsoft Defender for Endpoint to detect and mitigate threats. | Running a quick antivirus scan on a device; Launching a full antivirus scan from Microsoft 365 Defender portal; Initiating a scan remotely via automated response actions |
| Microsoft Defender for Endpoint response activities | Isolated device | The activity is recorded when a device is isolated from the network using Microsoft Defender for Endpoint to prevent further compromise or data exfiltration. | Isolating a compromised endpoint from the network; Triggering isolation via automated investigation |
| Microsoft Defender for Endpoint response activities | Released from isolation | The activity is recorded when a previously isolated device is reconnected to the network after mitigation or validation. | Releasing a device from isolation after investigation; Undoing automated isolation due to false positive |
| Microsoft Defender for Endpoint response activities | Offboarded device | The activity is recorded when a device is removed from Microsoft Defender for Endpoint management and monitoring. | Manually offboarding a device from the security console; Automated offboarding through policy update |
| Microsoft Defender for Endpoint response activities | Ran live response API | The activity is recorded when a user or system initiates a live response command on a device via the API to investigate or mitigate threats. | Executing a PowerShell command via live response API; Querying system status using remote API command |
| Microsoft Defender for Endpoint response activities | Ran get live response file link | The activity is recorded when a file is retrieved from a device using a live response command to support investigation. | Downloading system logs through live response; Retrieving suspicious file for analysis |
| Microsoft Defender for Endpoint response activities | Collected Investigation Package | The activity is recorded when an investigation package is collected from a device for advanced forensic analysis. | Generating investigation package for threat analysis; Collecting artifacts like running processes, registry info, and network activity |
| Microsoft Defender for Endpoint response activities | Restricted App Execution | The activity is recorded when Microsoft Defender for Endpoint restricts applications from executing on a device as part of threat containment. | Preventing unknown apps from running on a compromised device; Applying automated response policies to restrict app execution |
| Microsoft Defender for Endpoint response activities | Removed App Restrictions | The activity is recorded when previously applied app restrictions are removed from a device. | Re-enabling application execution after threat mitigation; Undoing app block policies via Defender portal |
| Microsoft Defender for Endpoint response activities | Stopped And Quarantined File | The activity is recorded when a suspicious or malicious file is stopped from execution and moved to quarantine by Microsoft Defender for Endpoint. | Blocking a malicious executable and moving it to quarantine; Automatically quarantining files flagged during scan |
| Microsoft Defender for Endpoint response activities | Collected Logs | The activity is recorded when logs are collected from a device to support threat investigation or compliance requirements. | Collecting event logs for forensic review; Exporting security logs from endpoint for SIEM integration |
| Information barrier activities | Removed segment from site | The activity is recorded when a segment previously assigned to a SharePoint site is removed. Segments are used in information barriers to enforce communication and collaboration restrictions. | Removing the 'Finance' segment from a SharePoint Online site; Unassigning a user group segment from a site due to policy update |
| Information barrier activities | Changed segment of site | The activity is recorded when the assigned segment of a SharePoint site is changed to a different segment. | Changing site segment from 'Marketing' to 'Finance'; Updating segment assignment as part of policy enforcement |
| Information barrier activities | Applied segment to site | The activity is recorded when a new segment is assigned to a SharePoint site for the first time. | Assigning 'HR' segment to a newly created site; Applying segmentation as part of onboarding process |
| Information barrier activities | Applied information barriers mode to site | The activity is recorded when an information barriers mode is initially applied to a SharePoint site to control access based on compliance requirements. | Applying 'Strict' mode to a confidential site; Enforcing IB mode on sensitive project workspace |
| Information barrier activities | Changed information barriers mode of site | The activity is recorded when the information barriers mode applied to a SharePoint site is changed. | Switching site IB mode from 'Open' to 'Strict'; Updating collaboration settings by changing IB mode |
| Information barrier activities | Changed default information barriers mode for OneDrive | The activity is recorded when the default information barriers mode is changed for OneDrive, affecting all future OneDrive accounts. | Changing default IB mode to 'Strict' for OneDrive; Updating compliance policy across user drives |
| Information barrier activities | Enabled information barriers for SharePoint and OneDrive | The activity is recorded when information barriers are turned on for SharePoint Online and OneDrive across the tenant. | Activating IB to prevent communication between Finance and HR; Enabling compliance control across file sharing platforms |
| Information barrier activities | Disabled information barriers for SharePoint and OneDrive | The activity is recorded when information barriers are turned off for SharePoint Online and OneDrive at the tenant level. | Temporarily disabling IB due to operational needs; Turning off segment restrictions for collaboration |
| Information barrier activities | Changed AppBypassInformationBarrier setting for the tenant | The activity is recorded when the AppBypassInformationBarrier tenant setting is modified, allowing or blocking specific apps to bypass information barriers. | Allowing a compliance monitoring app to bypass IB; Blocking third-party apps from bypassing segmentation |
| MyAnalytics activities | Updated user MyAnalytics settings | The activity is recorded when a user or system updates the MyAnalytics settings for a user in Microsoft 365, adjusting the personal productivity insights provided by the service. | Updating the email summary frequency for MyAnalytics reports; Changing privacy settings for MyAnalytics insights; Enabling or disabling MyAnalytics features for an individual user |
| MyAnalytics activities | Updated organization MyAnalytics settings | The activity is recorded when an admin updates the MyAnalytics settings for the entire organization, affecting the way productivity insights and reports are provided to users. | Enabling or disabling MyAnalytics across the organization; Changing organization-wide privacy settings for MyAnalytics insights; Adjusting the frequency or type of MyAnalytics reports generated for users |
| Exact Data Match (EDM) activities | Created EDM schema | The activity is recorded when a user or system creates a schema for Exact Data Match (EDM), which involves defining the structure for sensitive data identification and classification within the organization. | Creating a new schema to match sensitive data across files; Defining patterns or keywords in the EDM schema to detect specific data; Using the EDM schema to classify sensitive information within a file or database |
| Exact Data Match (EDM) activities | Modified EDM schema | The activity is recorded when a user or system modifies an existing Exact Data Match (EDM) schema to update its structure, patterns, or conditions for detecting sensitive data. | Editing the structure of an existing EDM schema to include new patterns or keywords; Updating classification rules in the EDM schema; Changing the conditions under which sensitive data is identified in the schema |
| Exact Data Match (EDM) activities | Removed EDM schema | The activity is recorded when a user or system deletes an existing Exact Data Match (EDM) schema from the environment. | Deleting a previously created EDM schema from the system; Removing a schema from use in data classification processes; Clearing obsolete or unused EDM schemas from the environment |
| Exact Data Match (EDM) activities | Completed EDM data upload | The activity is recorded when a user or system successfully uploads data for processing under an Exact Data Match (EDM) schema, completing the data upload operation. | Successfully uploading sensitive data files for processing by an EDM schema; Completing the data import process after data matching with EDM rules; Finishing the upload of data files to be classified under EDM schema |
| Exact Data Match (EDM) activities | Failed EDM data upload | The activity is recorded when an attempt to upload data for processing under an Exact Data Match (EDM) schema fails. | Attempting to upload data but encountering errors preventing successful completion; Uploading data for EDM processing that fails due to schema mismatch or system issues; Errors occurring during the data upload process for EDM |
| Azure Information Protection activities | Discovered file | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Azure Information Protection activities | Applied sensitivity label | The activity is recorded when a sensitivity label is applied to a file or document in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems). | Applying a sensitivity label to a document; Labeling a file with a predefined sensitivity level; Classifying a document with a sensitivity label |
| Azure Information Protection activities | Updated sensitivity label | The activity is recorded when an existing sensitivity label on a file or document is updated or changed. | Changing the sensitivity level of a document; Updating the label on a file; Modifying the classification of a document |
| Azure Information Protection activities | Removed sensitivity label | The activity is recorded when a sensitivity label is removed from a file or document in a supported platform. | Removing a sensitivity label from a document; Unclassifying a file; Reverting a document to an unlabeled state |
| Azure Information Protection activities | Removed file | The activity is recorded when a file marked with a sensitivity label is removed or deleted from a supported platform. | Deleting a labeled document; Removing a protected file from the system; Purging a sensitive document |
| Azure Information Protection activities | Applied protection | The activity is recorded when information protection, such as encryption or rights management, is applied to a file. | Applying encryption to a document; Enabling rights management on a file; Protecting a file with information protection policies |
| Azure Information Protection activities | Changed protection | The activity is recorded when the protection settings (e.g., encryption or rights management) on a file are changed. | Changing the encryption settings on a file; Modifying the protection settings of a document; Updating rights management on a protected file |
| Azure Information Protection activities | Removed protection | The activity is recorded when protection (e.g., encryption or rights management) is removed from a file. | Removing encryption from a document; Disabling rights management on a protected file; Deprotecting a file |
| Azure Information Protection activities | Received AIP heartbeat | The activity is recorded when a device or user receives an Azure Information Protection (AIP) heartbeat to confirm the status of AIP client communication. | AIP client successfully communicates with the AIP service; Receiving a confirmation from the AIP service about file protection status |
| Sensitive information type activities | Created rule package | The activity is recorded when a user or system creates a rule package, which includes sensitive information types used for content classification, in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems). | Creating a new rule package for sensitive information types; Defining rules for detecting sensitive content; Packaging a set of sensitive information types for classification |
| Sensitive information type activities | Modified rule package | The activity is recorded when a user or system modifies an existing rule package, which includes sensitive information types used for content classification, in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems). | Updating rules for detecting sensitive content; Modifying sensitive information types in a rule package; Changing configuration of a rule package for content classification |
| Sensitive information type activities | Removed rule package | The activity is recorded when a user or system removes a rule package that includes sensitive information types used for content classification in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems). | Deleting a rule package for content classification; Removing sensitive information types from a rule package; Disabling or removing a classification rule package from the system |
| Microsoft 365 Groups activities | IB assistant removed group member | The activity is recorded when a user or system removes a member from a Microsoft 365 Group using the Information Barrier (IB) assistant in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems). | Removing a member from a Microsoft 365 Group using IB assistant; Changing group membership through the IB assistant; Revoking access for a user from a Microsoft 365 Group |
| Microsoft 365 Groups activities | Identified as IB non-compliant group | The activity is recorded when a Microsoft 365 Group is identified as non-compliant with Information Barrier (IB) policies. This typically involves reviewing group membership and identifying violations of compliance rules. | A group is flagged as non-compliant with IB policies; A Microsoft 365 Group is reviewed for compliance with Information Barrier settings |
| Microsoft 365 Groups activities | Notified ownerless group | The activity is recorded when a notification is sent to a group that has no assigned owner. This activity helps to ensure that groups remain managed and are not left without oversight. | Sending a notification to a Microsoft 365 Group with no owner; Informing users of a group without an assigned owner |
| Microsoft 365 Groups activities | Responded to ownerless group notification | The activity is recorded when a user or system responds to a notification about a group without an owner, typically by assigning a new owner to the group. | Assigning a new owner to a group after receiving an ownerless group notification; Responding to an alert about an ownerless group by taking action |
| Microsoft 365 Groups activities | Unattended ownerless group | The activity is recorded when a group without an owner remains unattended. This can be a scenario where the group has not been acted upon or reassigned an owner after notification. | A group remains without an owner for an extended period; No action is taken after the notification for an ownerless group |
| App governance activities | Created security alert | The activity is recorded when a user or system creates a security alert in the security management platform. This typically involves setting up monitoring for potential security threats or violations. | Creating a new security alert in the security management platform; Defining security monitoring rules; Setting up triggers for security violations or incidents |
| App governance activities | Updated policy alert | The activity is recorded when a user or system updates an existing policy alert, changing the conditions or parameters of the alert to reflect new policy requirements. | Modifying the conditions for an existing policy alert; Changing the thresholds or triggers for a policy alert; Updating the scope of a policy alert |
| App governance activities | Updated security alert | The activity is recorded when a user or system updates an existing security alert, modifying the monitoring parameters or alert conditions based on updated security guidelines. | Modifying the settings of an existing security alert; Adjusting the severity level or alert threshold; Changing the recipient list for security alerts |
| App governance activities | Created policy | The activity is recorded when a user or system creates a new policy within the governance framework. This includes defining new rules or compliance requirements for organizational use. | Creating a new policy for organizational governance; Defining access controls or compliance rules; Establishing guidelines for application or user behavior |
| App governance activities | Updated policy | The activity is recorded when a user or system updates an existing policy, revising its terms, conditions, or scope to reflect new organizational needs or compliance regulations. | Modifying the rules or terms of an existing policy; Updating compliance requirements in the policy; Changing the scope or coverage of the policy |
| App governance activities | Deleted policy | The activity is recorded when a user or system deletes a policy from the governance platform. This could involve removing obsolete or irrelevant policies that no longer serve the organization's needs. | Deleting an outdated policy from the governance system; Removing a policy that is no longer relevant; Discontinuing a policy after changes to organizational needs |
| App governance activities | Took Remediation action | The activity is recorded when a user or system takes remediation action to address a violation or policy breach. This could include corrective actions to resolve non-compliance issues. | Implementing a corrective action after a policy violation; Taking steps to mitigate a security risk; Adjusting user permissions to resolve compliance issues |
| App governance activities | Enabled service principal | The activity is recorded when a user or system enables a service principal, granting access or authentication capabilities for a service or application. | Activating a service principal for an application; Granting access permissions to a service principal; Enabling a service principal for authentication or authorization |
| App governance activities | Disabled service principal | The activity is recorded when a user or system disables a service principal, preventing the associated service or application from accessing resources or performing actions. | Deactivating a service principal for an application; Revoking access or authentication capabilities for a service principal; Disabling a service principal for security or compliance reasons |
| App governance activities | Changed activation status | The activity is recorded when a user or system changes the activation status of an application or service, such as enabling or disabling it within the platform. | Changing the activation status of an app; Enabling or disabling a service for users or devices; Modifying the active status of a resource |
| App governance activities | Retrieved deployment pipeline users | The activity is recorded when a user or system retrieves the list of users associated with a deployment pipeline. This typically involves identifying who has access or permissions to interact with the pipeline. | Accessing the list of users for a deployment pipeline; Retrieving the user details associated with a pipeline; Checking the permissions of users in a deployment pipeline |
| App governance activities | Retrieved deployment pipelines | The activity is recorded when a user or system retrieves information about deployment pipelines, such as configuration, deployment statuses, and related users. | Accessing information about a deployment pipeline; Retrieving the status or configuration details of a pipeline; Checking deployment progress or settings |
| DLP migration activities | Collected import rule collection results | The activity is recorded when a user or system collects import rule collection results, which may include identifying and importing data or rules for data loss prevention (DLP) migration tasks. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Reports activities | Updated usage report privacy settings | The activity is recorded when a user or system updates the privacy settings for a usage report, which may include adjusting permissions or visibility of data within the report. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Reports activities | Updated usage report settings | The activity is recorded when a user or system updates the settings for a usage report, such as adjusting the data filters or report generation preferences. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Reports activities | Updated usage analytics settings | The activity is recorded when a user or system updates the settings for usage analytics, such as enabling or configuring the data collection and reporting methods. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Reports activities | Updated productivity score settings | The activity is recorded when a user or system updates the settings for productivity score, including adjusting the parameters used to track and report productivity metrics. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Disposition review activities | Approved disposal | The activity is recorded when a user or system approves the disposal of a file after it has gone through a disposition review process. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Retention activities | Extended retention period | The activity is recorded when the retention period of a file is extended, ensuring the file remains retained for a longer duration based on updated retention policies. | Extending the retention period of a document; Adjusting the retention policy for a file to extend its retention duration; Changing the retention settings to prevent deletion |
| Labeling activities | Relabeled item | The activity is recorded when a file or item is relabeled, typically to change its classification, retention label, or metadata associated with the file. | Changing a document's retention label; Updating the classification label of an item; Relabeling a file to align with new data management policies |
| Review activities | Added reviewer | The activity is recorded when a reviewer is added to a file or item for further review, typically as part of a disposition or approval process. | Adding a user as a reviewer for a document; Assigning a reviewer to a file for evaluation; Notifying a user about their role as a file reviewer |
| Office Scripts activities | Ran script on workbook | The activity is recorded when a user or system runs a script on a workbook in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) using Office Scripts or an automated process. | Running a script on an Excel workbook to automate tasks; Executing a pre-defined script to update data in a workbook; Triggering a script to perform calculations or format a workbook |
| SharePoint administrative unit activities | Updated site title | The activity is recorded when a user or system updates the title of a site in SharePoint or a similar platform, affecting how it is displayed or identified. | Changing the title of a SharePoint site; Renaming a site to reflect new organizational changes; Updating a site title for better alignment with company branding |
| SharePoint administrative unit activities | Updated site properties | The activity is recorded when a user or system modifies the properties of a site, such as its description, privacy settings, or other configuration aspects in SharePoint or a similar platform. | Changing the description of a SharePoint site; Modifying site privacy settings; Updating site metadata or settings |
| SharePoint administrative unit activities | Scheduled site rename job | The activity is recorded when a user or system schedules a task to rename a site at a later time, affecting its URL, display name, and associated properties in SharePoint or a similar platform. | Scheduling a site rename task to occur after hours; Setting a time for a site URL change; Planning a site name change for a specific date |
| Encrypted message portal activities | Open message | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Encrypted message portal activities | Reply/Forward message | The activity is recorded when a user or system replies to or forwards a message in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems). | Replying to an encrypted message; Forwarding an encrypted message |
| Encrypted message portal activities | Download attachment | The activity is recorded when a user or system downloads an attachment from a message in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems). | Downloading an attachment from an encrypted message; Saving an attachment from an encrypted message |
| Encrypted message portal activities | Preview attachment | The activity is recorded when a user or system previews an attachment in a message without downloading it, in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems). | Previewing an attachment in an encrypted message; Opening an attachment without downloading it |
| Encrypted message portal activities | Request authentication | The activity is recorded when a user or system requests authentication to access a protected message or resource in a supported platform. | Requesting authentication to access an encrypted message; Verifying identity for a secure message |
| Customer Lockbox activities | Set-AccessToCustomerDataRequest | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Admin Education Data Lake Export Activities | Created Education Data Lake Export | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Admin Education Data Lake Export Activities | Deleted Education Data Lake Export | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| EHR connector activities | Added FHIR URL | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| EHR connector activities | Approved FHIR URL | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| EHR connector activities | Updated FHIR URL | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| EHR connector activities | Deleted FHIR URL | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| EHR connector activities | Enabled consent option | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| EHR connector activities | Disabled consent option | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| EHR connector activities | SMS number created | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| EHR connector activities | SMS number deleted | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| EHR connector activities | SMS linked to FHIR URL | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| EHR connector activities | SMS unlinked from FHIR URL | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| EHR connector activities | FHIR URL SMS settings updated | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| EHR connector activities | Certificate uploaded | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| EHR connector activities | Certificate downloaded | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| EHR connector activities | Certificate deleted | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Admin download copy of Lake data activities | Request to generate copy of Lake data | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Admin download copy of Lake data activities | Request to download copy of Lake data | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Microsoft Graph Data Connect Activities | Extraction Ran | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Power Pages Site activities | Executed GET requests | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Power Pages Site activities | Executed POST requests | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Power Pages Site activities | Executed PUT requests | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Power Pages Site activities | Executed PATCH requests | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Power Pages Site activities | Executed DELETE requests | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Planner plan activities | Read plan | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Planner plan activities | Created plan | The activity is recorded when a new plan is created in Planner. | Creating a new plan; Setting up a new project plan; Adding a plan for team collaboration |
| Planner plan activities | Modified plan | The activity is recorded when an existing plan is modified in Planner. | Changing the name of a plan; Updating the description of a plan; Adding or removing tasks in a plan |
| Planner plan activities | Deleted plan | The activity is recorded when a plan is deleted from Planner. | Deleting a plan from the planner; Removing a project plan from the platform |
| Planner plan activities | Added container to plan's shared-with | The activity is recorded when a container is added to a plan's shared-with list. | Sharing a plan with a new container; Adding a group or container to the shared list |
| Planner plan activities | Modified container from plan's shared-with | The activity is recorded when a container's permissions or access within a plan's shared-with list is modified. | Changing the permissions of a container in the shared list; Editing access settings for a shared container |
| Planner plan activities | Removed container from plan's shared-with | The activity is recorded when a container is removed from a plan's shared-with list. | Unsharing a plan from a container; Removing a group or container from the shared list |
| Planner plan copy activities | Copied plan | The activity is recorded when a user or system copies a plan in Planner. | Copying a plan for a new project; Duplicating a plan to reuse its structure; Creating a new plan based on an existing one |
| Planner task activities | Read task | The activity is recorded when a user or system opens, previews, or views a task in Planner without editing or altering its content. | Opening a task in read-only mode; Previewing a task; Viewing a task; Accessing a task through an API call or automated process; Downloading a task from its original location |
| Planner task activities | Created task | The activity is recorded when a user or system creates a new task in Planner. | Creating a new task; Adding a task to a Planner board; Setting a task title and details |
| Planner task activities | Modified task | The activity is recorded when a user or system modifies an existing task in Planner. | Changing the due date of a task; Editing task description; Updating task priority |
| Planner task activities | Deleted task | The activity is recorded when a user or system deletes a task from Planner. | Deleting a task from the Planner board; Removing a task from the task list |
| Planner task activities | Assigned task | The activity is recorded when a user or system assigns a task to a user or group in Planner. | Assigning a task to a team member; Assigning a task to multiple users; Changing the assignee of a task |
| Planner task activities | Completed task | The activity is recorded when a user or system marks a task as complete in Planner. | Marking a task as completed; Changing the status of a task to 'Completed' |
| Planner roster activities | Created roster | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Planner roster activities | Deleted roster | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Planner roster activities | Added member to roster | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Planner roster activities | Deleted member from roster | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Planner roster sensitivity label activities | Updated roster sensitivity label | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Planner plan list activities | Read plan list | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Planner task list activities | Read task list | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Planner tenant settings activities | Updated tenant settings | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| App governance activities | Approved or denied an app | The activity is recorded when a user or administrator approves or denies an application from being added to the environment, typically through an admin center or security interface. | Approving a third-party app in Microsoft 365 admin center; Denying an app based on security evaluation; Using policies to block unauthorized apps; Reviewing app permissions before approval; Preventing an app from accessing organization data |
| Viva goals activities | Organization created | The activity is recorded when a user or system creates a new organization in Viva Goals, establishing a workspace for tracking and managing objectives and key results (OKRs). | Creating a new organization within Viva Goals; Setting up a workspace for team OKRs; Defining initial structure for objectives and goals; Provisioning an organization-level OKR space; Initiating the Viva Goals environment for a company |
| Viva goals activities | User added | The activity is recorded when a user is added to the Viva Goals platform or team. | Adding a new user to the organization; Inviting a user to join a Viva Goals workspace; Creating a user account in the Viva Goals system |
| Viva goals activities | User deactivated | The activity is recorded when a user is deactivated or disabled in the Viva Goals platform. | Deactivating a user's access to Viva Goals; Suspending a user's account in Viva Goals |
| Viva goals activities | User deleted | The activity is recorded when a user's account is permanently deleted from the Viva Goals platform. | Deleting a user account from the Viva Goals platform; Removing a user permanently from the organization |
| Viva goals activities | Team added | The activity is recorded when a new team is created in Viva Goals. | Creating a new team within the Viva Goals platform; Adding a new team to track OKRs |
| Viva goals activities | Team updated | The activity is recorded when an existing team is updated in Viva Goals. | Modifying a team's details; Changing a team's members or settings |
| Viva goals activities | Team deleted | The activity is recorded when a team is deleted from the Viva Goals platform. | Deleting an entire team from Viva Goals; Removing a team from the Viva Goals workspace |
| Viva goals activities | Data exported | The activity is recorded when data is exported from the Viva Goals platform. | Exporting team OKRs to an external file; Downloading a report of OKRs for external use |
| Viva goals activities | Goals policy updated | The activity is recorded when an organization or team updates its goals policy in Viva Goals. | Modifying the rules or structure for setting goals; Updating goal tracking policies within the platform |
| Viva goals activities | Organization settings updated | The activity is recorded when settings or configurations for the organization are updated in Viva Goals. | Changing the organization’s name or branding in Viva Goals; Updating general settings for the entire organization |
| Viva goals activities | Organization integrations updated | The activity is recorded when integrations between Viva Goals and other tools or platforms are updated. | Modifying integrations with external platforms like Microsoft Teams; Updating the way Viva Goals connects with other tools |
| Viva goals activities | OKR or Project created | The activity is recorded when a new OKR or project is created in the Viva Goals platform. | Creating a new objective or key result in Viva Goals; Starting a new project to track OKRs |
| Viva goals activities | OKR or Project updated | The activity is recorded when an OKR or project is updated in the Viva Goals platform. | Modifying an existing objective or key result; Updating a project’s status or goals |
| Viva goals activities | OKR or Project deleted | The activity is recorded when an OKR or project is deleted in the Viva Goals platform. | Deleting an objective or key result from the system; Removing a project from Viva Goals |
| Viva goals activities | Data import initiated | The activity is recorded when a data import process is initiated in Viva Goals. | Starting the process of importing external data into Viva Goals; Initiating a bulk data import for team OKRs |
| Viva goals activities | Data import updated | The activity is recorded when a data import process is updated or modified in Viva Goals. | Changing the source or format of imported data; Updating the import settings for data in Viva Goals |
| Viva goals activities | Data import completed | The activity is recorded when a data import process is successfully completed in Viva Goals. | Completing the import of data from external sources; Successfully importing team OKRs into Viva Goals |
| Viva goals activities | Data import failed | The activity is recorded when a data import process fails in Viva Goals. | Encountering an error during a data import process; Data import fails due to incompatible format or other issues |
| Viva goals activities | Dashboard created | The activity is recorded when a new dashboard is created in Viva Goals. | Creating a new dashboard to track OKRs; Setting up a new performance dashboard for the team |
| Viva goals activities | Dashboard updated | The activity is recorded when an existing dashboard is updated in Viva Goals. | Modifying the layout or settings of a dashboard; Updating the data displayed in a dashboard |
| Viva goals activities | Dashboard deleted | The activity is recorded when a dashboard is deleted from the Viva Goals platform. | Removing a dashboard from the Viva Goals workspace; Deleting an outdated or unnecessary dashboard |
| Viva goals activities | Broadcast Summary created | The activity is recorded when a broadcast summary is created in the Viva Goals platform. | Creating a new summary for a broadcast in Viva Goals; Generating a report for team-wide OKR progress |
| Viva goals activities | Broadcast Summary updated | The activity is recorded when a broadcast summary is updated in the Viva Goals platform. | Modifying a broadcast summary; Updating the details of a report in Viva Goals |
| Viva goals activities | Broadcast Summary deleted | The activity is recorded when a broadcast summary is deleted in the Viva Goals platform. | Deleting an outdated broadcast summary; Removing a summary from the platform |
| Viva goals activities | Organization activated | The activity is recorded when an organization is activated in Viva Goals. | Activating an organization for goal tracking in Viva Goals; Enabling the Viva Goals environment for an organization |
| Viva goals activities | Organization deactivated | The activity is recorded when an organization is deactivated in Viva Goals. | Deactivating an organization from tracking goals; Suspending an organization's access to Viva Goals |
| Viva goals activities | Organization deleted | The activity is recorded when an organization is permanently deleted from the Viva Goals platform. | Permanently deleting an organization from Viva Goals; Removing all data and settings associated with an organization |
| Project For The Web project activities | Project Home accessed | The activity is recorded when a user or system opens, previews, or views a file in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a document in read-only mode; Previewing a document; Viewing a document; Accessing a file through an API call or automated process; Downloading a file from its original location |
| Project For The Web project activities | Project accessed | The activity is recorded when a user or system opens, previews, or views a project in a supported platform (e.g., Project for the Web, SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a project in read-only mode; Previewing a project; Viewing a project; Accessing a project through an API call or automated process |
| Project For The Web project activities | Created project | The activity is recorded when a user or system creates a new project within a supported platform. | Creating a new project; Initiating a project setup; Adding project details |
| Project For The Web project activities | Updated project | The activity is recorded when a user or system makes updates to an existing project. | Modifying project details; Changing project parameters; Editing project timeline |
| Project For The Web project activities | Deleted project | The activity is recorded when a user or system deletes a project within a supported platform. | Removing a project from the system; Deleting a project from the platform; Archiving a project for removal |
| Project For The Web task activities | Task Accessed | The activity is recorded when a user or system opens, previews, or views a task in a supported platform (e.g., Project for the Web, SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a task in read-only mode; Previewing a task; Viewing a task; Accessing a task through an API call or automated process; Downloading a task from its original location |
| Project For The Web task activities | Updated task | The activity is recorded when a user or system updates or modifies a task in a supported platform (e.g., Project for the Web, SharePoint Online, OneDrive for Business, Teams, or other connected systems). | Editing a task; Changing the status of a task; Assigning or reassigning a task; Updating task details; Modifying task due dates |
| Project For The Web roadmap activities | Roadmap accessed | The activity is recorded when a user or system opens, previews, or views a roadmap in a supported platform (e.g., Project for the Web, SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a roadmap in read-only mode; Previewing a roadmap; Viewing a roadmap; Accessing a roadmap through an API call or automated process; Downloading a roadmap from its original location |
| Project For The Web roadmap activities | Created roadmap | The activity is recorded when a user or system creates a new roadmap in Project for the Web or a connected platform. | Creating a new roadmap via the Project web interface; Creating a roadmap through an automated workflow or API |
| Project For The Web roadmap activities | Updated roadmap | The activity is recorded when a user or system updates details of an existing roadmap. | Modifying timeline or milestones; Adding or removing roadmap items; Changing roadmap metadata |
| Project For The Web roadmap activities | Deleted roadmap | The activity is recorded when a user or system deletes a roadmap from Project for the Web or a connected platform. | Deleting a roadmap from the Project interface; Removing a roadmap via an API call |
| Project For The Web roadmap item activities | Roadmap item accessed | The activity is recorded when a user or system opens, previews, or views a roadmap item in a supported platform (e.g., SharePoint Online, OneDrive for Business, Teams, or other connected systems) without editing or altering its content. | Opening a roadmap item in read-only mode; Previewing a roadmap item; Viewing a roadmap item; Accessing roadmap item data through an API call or automated process |
| Project For The Web roadmap item activities | Created roadmap item | The activity is recorded when a user or system creates a new roadmap item in Project for the Web. | Adding a new milestone to a roadmap; Creating a task under a roadmap timeline |
| Project For The Web roadmap item activities | Updated roadmap item | The activity is recorded when a user or system modifies an existing roadmap item in Project for the Web. | Changing the status or title of a roadmap item; Adjusting start or end dates of a roadmap task |
| Project For The Web roadmap item activities | Deleted roadmap item | The activity is recorded when a user or system deletes an existing roadmap item from Project for the Web. | Removing a roadmap task or milestone; Deleting an obsolete roadmap item |
| Project For The Web project tenant settings activities | Updated project settings | The activity is recorded when a user or system updates settings related to Project for the Web at the tenant level. | Changing project creation permissions; Modifying data storage settings for Project for the Web; Updating integration settings with other services |
| Project For The Web roadmap tenant settings activities | Updated roadmap settings | The activity is recorded when a user or system updates settings related to Roadmap in Project for the Web at the tenant level. | Modifying roadmap creation permissions; Updating integration settings for Roadmap; Changing roadmap sharing configurations |
| Microsoft 365 Defender suppression rules activities | Created suppression rule | The activity is recorded when a user or system creates a new suppression rule in Microsoft 365 Defender to prevent certain alerts or incidents from being generated. | Creating a rule to suppress false positive alerts; Setting conditions to ignore specific alert types; Defining scope for suppressed alerts across devices or users |
| Microsoft 365 Defender suppression rules activities | Edited suppression rule | The activity is recorded when a user or system modifies an existing suppression rule in Microsoft 365 Defender to change its behavior or scope. | Changing the conditions or filters of a suppression rule; Updating the rule name or description; Modifying affected entities or alert types |
| Microsoft 365 Defender suppression rules activities | Enabled suppression rule | The activity is recorded when a user or system reactivates or turns on a previously disabled suppression rule in Microsoft 365 Defender. | Re-enabling a rule to resume suppressing alerts; Activating a rule after review or testing |
| Microsoft 365 Defender suppression rules activities | Disabled suppression rule | The activity is recorded when a user or system disables an active suppression rule in Microsoft 365 Defender, preventing it from suppressing further alerts. | Turning off a rule to investigate alert behavior; Temporarily disabling suppression for testing purposes |
| Microsoft 365 Defender suppression rules activities | Deleted suppression rule | The activity is recorded when a user or system permanently removes a suppression rule from Microsoft 365 Defender. | Deleting a rule that is no longer needed; Cleaning up legacy or duplicate rules |
| Microsoft 365 Defender incident activities | Added comment to incident | The activity is recorded when a user or system adds a comment to an incident in Microsoft 365 Defender, typically for investigation, collaboration, or documentation purposes. | Adding a note during an investigation; Collaborating with other security team members; Documenting the steps taken to mitigate a threat |
| Microsoft 365 Defender incident activities | Assigned user to incident | The activity is recorded when a user or system assigns a user to an incident in Microsoft 365 Defender for tracking or investigation purposes. | Assigning a security analyst to investigate a threat; Delegating incident handling responsibilities |
| Microsoft 365 Defender incident activities | Unassigned user from incident | The activity is recorded when a user or system removes an assigned user from an incident in Microsoft 365 Defender. | Reassigning an incident to another analyst; Removing user from incident due to role change |
| Microsoft 365 Defender incident activities | Updated incident status | The activity is recorded when a user or system changes the status of an incident in Microsoft 365 Defender, such as resolving or escalating it. | Marking an incident as resolved; Escalating an incident for further investigation; Changing status to active or closed |
| Microsoft 365 Defender incident activities | Added tags to incident | The activity is recorded when a user or system adds tags to an incident in Microsoft 365 Defender to categorize or group related incidents. | Tagging incidents with 'phishing' or 'malware'; Using tags to prioritize incidents |
| Microsoft 365 Defender incident activities | Removed tags from incident | The activity is recorded when a user or system removes existing tags from an incident in Microsoft 365 Defender. | Clearing outdated or incorrect tags; Removing tags during incident reassessment |
| Microsoft 365 Defender incident activities | Edited incident classification | The activity is recorded when a user or system updates the classification of an incident in Microsoft 365 Defender, such as changing it from 'True Positive' to 'False Positive'. | Reclassifying incident after investigation; Correcting a misclassified event |
| Purview data map activities | Entity created | The activity is recorded when a user or system creates a new entity within Microsoft Purview Data Map, which represents a data asset or resource. | Creating a new data source entity; Registering a new dataset in the data map; Adding metadata for a new data asset |
| Purview data map activities | Entity updated | The activity is recorded when a user or system updates an existing entity within Microsoft Purview Data Map, reflecting a change in metadata or resource details. | Updating metadata for a data asset; Modifying the description of a data source; Changing the properties of a registered dataset |
| Purview data map activities | Entity deleted | The activity is recorded when a user or system deletes an existing entity within Microsoft Purview Data Map. | Deleting a data source from the data map; Removing a dataset from the collection; Deleting an entity and its metadata |
| Purview data map activities | Classification added | The activity is recorded when a classification is applied to a data asset within Microsoft Purview. | Assigning a classification to a dataset; Adding a sensitive data classification to a data asset; Labeling a data source with specific metadata |
| Purview data map activities | Classification updated | The activity is recorded when a classification applied to a data asset is updated within Microsoft Purview. | Updating the classification label for a dataset; Changing the sensitivity level of a data source; Modifying the classification of a data asset |
| Purview data map activities | Classification deleted | The activity is recorded when a classification is removed from a data asset within Microsoft Purview. | Removing a classification from a dataset; Deleting the sensitivity label of a data source; Unassigning a classification from a data asset |
| Purview data map activities | Collection created | The activity is recorded when a new collection is created within Microsoft Purview Data Map. | Creating a new collection to organize data assets; Registering a new data collection in the Purview platform |
| Purview data map activities | Collection create failed | The activity is recorded when an attempt to create a collection in Microsoft Purview Data Map fails. | Failed attempt to create a new collection; Collection creation error due to validation issues |
| Purview data map activities | Collection updated | The activity is recorded when a collection in Microsoft Purview Data Map is updated. | Modifying the properties of an existing collection; Updating metadata associated with a collection |
| Purview data map activities | Collection update failed | The activity is recorded when an attempt to update a collection in Microsoft Purview Data Map fails. | Error encountered during collection update; Failed attempt to modify a collection's metadata |
| Purview data map activities | Collection deleted | The activity is recorded when a collection is deleted from Microsoft Purview Data Map. | Deleting a data collection; Removing a collection from the Purview platform |
| Purview data map activities | Collection delete failed | The activity is recorded when an attempt to delete a collection from Microsoft Purview Data Map fails. | Error encountered during collection deletion; Failed attempt to remove a collection |
| Purview data map activities | Glossary term assigned | The activity is recorded when a glossary term is assigned to a data asset within Microsoft Purview. | Assigning a glossary term to a data asset; Adding a classification term to a dataset |
| Purview data map activities | Glossary term disassociated | The activity is recorded when a glossary term is disassociated from a data asset in Microsoft Purview. | Removing a glossary term from a dataset; Unassigning a classification term from a data asset |
| Purview data map activities | Classification definition created | The activity is recorded when a new classification definition is created in Microsoft Purview. | Creating a new classification definition; Adding a custom classification definition for sensitive data |
| Purview data map activities | Classification definition updated | The activity is recorded when an existing classification definition is updated in Microsoft Purview. | Updating an existing classification definition; Modifying the rules for a classification definition |
| Purview data map activities | Classification definition deleted | The activity is recorded when a classification definition is deleted from Microsoft Purview. | Deleting a classification definition from the system; Removing an obsolete classification definition |
| Purview data map activities | Glossary term created | The activity is recorded when a new glossary term is created within Microsoft Purview. | Creating a new glossary term for data classification; Adding a new glossary term for metadata |
| Purview data map activities | Glossary term updated | The activity is recorded when a glossary term is updated within Microsoft Purview. | Modifying a glossary term definition; Updating the properties of a glossary term |
| Purview data map activities | Glossary term deleted | The activity is recorded when a glossary term is deleted from Microsoft Purview. | Deleting a glossary term from the system; Removing an obsolete glossary term |
| Purview data map activities | Sensitivity label changed | The activity is recorded when a sensitivity label is changed for a data asset in Microsoft Purview. | Changing the sensitivity label on a dataset; Modifying the security classification of a data asset |
| Defender Experts for XDR Admin activities | Tenant onboarded to Defender Experts service | The activity is recorded when a user or system onboards a tenant to the Defender Experts for XDR service, enabling advanced threat detection and response capabilities. | Onboarding a new tenant to Defender Experts for XDR; Setting up Defender Experts service for a tenant; Enabling advanced security features for a new tenant |
| Defender Experts for XDR Admin activities | Defender Experts analyst permission created | The activity is recorded when a user creates an analyst permission in the Defender Experts for XDR service, granting a user or group access to specific roles and capabilities. | Creating an analyst permission for a user; Granting specific Defender Experts roles to a user; Assigning analyst-level permissions in Defender Experts |
| Defender Experts for XDR Admin activities | Defender Experts analyst permission modified | The activity is recorded when a user modifies an analyst permission in the Defender Experts for XDR service, updating the roles or capabilities granted to a user or group. | Modifying an existing analyst permission; Changing the role or capabilities assigned to an analyst; Updating user access in Defender Experts |
| Defender Experts for XDR Admin activities | Defender Experts contacts added | The activity is recorded when a user adds contacts to the Defender Experts for XDR service, providing contact details for communication during security incidents. | Adding security contacts to Defender Experts; Including contact information for incident management; Registering new contacts in the Defender Experts service |
| Defender Experts for XDR Admin activities | Defender Experts contacts modified | The activity is recorded when a user modifies the details of contacts in the Defender Experts for XDR service, updating information for communication during security events. | Modifying contact information for security analysts; Updating contact details in the Defender Experts service; Changing the contact information for incident response |
| Defender Experts for XDR Admin activities | Defender Experts contacts removed | The activity is recorded when a user removes contacts from the Defender Experts for XDR service, deleting contact information from the system. | Removing security contacts from Defender Experts; Deleting a contact from the incident management system; Purging contact information from the Defender Experts service |
| Power Automate Hosted RPA activities | Created hosted machine group | The activity is recorded when a user or system creates a hosted machine group in the Power Automate Hosted RPA service, organizing machines for automation tasks. | Creating a new hosted machine group in Power Automate; Organizing machines into a specific group for robotic process automation; Setting up a group of hosted machines for task execution in Power Automate |
| Power Automate Hosted RPA activities | Created hosted machine | The activity is recorded when a user or system creates a hosted machine in the Power Automate Hosted RPA service, allowing it to run robotic process automation tasks. | Creating a new hosted machine in Power Automate; Setting up a machine for robotic process automation tasks; Provisioning a machine for automation in Power Automate |
| Power Automate Hosted RPA activities | Deleted hosted machine | The activity is recorded when a user or system deletes a hosted machine in the Power Automate Hosted RPA service, removing it from the automation environment. | Deleting a hosted machine from Power Automate; Removing a machine from the robotic process automation environment; Disabling a machine by deletion in Power Automate |
| MicrosoftTodo Activities | Created SubTask | The activity is recorded when a user or system creates a new subtask within a task in Microsoft To-Do, helping to break down tasks into smaller, manageable steps. | Creating a subtask under a main task; Adding a task as a subtask to an existing task in Microsoft To-Do; Dividing a larger task into smaller subtasks for better task management |
| MicrosoftTodo Activities | Created Task List | The activity is recorded when a new task list is created in Microsoft To-Do, allowing users to organize their tasks into lists. | Creating a new task list in Microsoft To-Do; Organizing tasks under a newly created list |
| MicrosoftTodo Activities | Created Linked Entity | The activity is recorded when a new linked entity is created, allowing tasks to be associated with other resources or services. | Linking a task to an external service or application; Associating a task with a calendar or a document |
| MicrosoftTodo Activities | Created Attachment | The activity is recorded when an attachment is added to a task or subtask in Microsoft To-Do. | Attaching a file to a task in Microsoft To-Do; Adding an image or document to a subtask |
| MicrosoftTodo Activities | Updated SubTask | The activity is recorded when a subtask is updated in Microsoft To-Do, which may involve changes to task details, due dates, or status. | Changing the due date of a subtask; Marking a subtask as complete; Updating the priority or details of a subtask |
| MicrosoftTodo Activities | Updated Task List | The activity is recorded when a task list is updated in Microsoft To-Do, such as renaming or adding new tasks. | Renaming a task list; Adding new tasks to an existing list; Changing the order of tasks within a list |
| MicrosoftTodo Activities | Updated Linked Entity | The activity is recorded when a linked entity associated with a task is updated, allowing changes to the linked resource. | Updating a calendar link associated with a task; Changing the document linked to a task |
| MicrosoftTodo Activities | Deleted SubTask | The activity is recorded when a subtask is deleted from a task in Microsoft To-Do. | Deleting a subtask from a task; Removing a step from a multi-step task |
| MicrosoftTodo Activities | Deleted Task List | The activity is recorded when a task list is deleted in Microsoft To-Do, removing all associated tasks and subtasks. | Deleting a task list from Microsoft To-Do; Removing an entire group of tasks |
| MicrosoftTodo Activities | Deleted Linked Entity | The activity is recorded when a linked entity associated with a task is deleted, removing the reference to the external resource. | Deleting a link to an external document; Removing a calendar event linked to a task |
| MicrosoftTodo Activities | Deleted Attachment | The activity is recorded when an attachment is deleted from a task or subtask in Microsoft To-Do. | Removing a file attached to a task; Deleting an image or document from a subtask |
| MicrosoftTodo Activities | Create Sharing Link | The activity is recorded when a sharing link is created for a task or task list in Microsoft To-Do, enabling collaboration or access sharing. | Creating a shareable link for a task list; Generating a link to allow others to view or edit a task |
| MicrosoftTodo Activities | Invited User for a Folder | The activity is recorded when a user is invited to access a folder or task list in Microsoft To-Do, enabling collaboration and shared access. | Sending an invitation to a user to collaborate on a task list; Inviting a colleague to view or edit tasks within a folder |
| Microsoft Defender for Identity Activities | Disabled user | The activity is recorded when a user or system disables a user account in Microsoft Defender for Identity, typically for security or compliance reasons. | Disabling a user account due to security concerns; Temporarily disabling a user's access for troubleshooting; Disabling a user account in response to a security incident |
| Microsoft Defender for Identity Activities | Forced password reset | The activity is recorded when a user or system forces a password reset for a user account in Microsoft Defender for Identity, typically as a security measure or after suspicious activity. | Forcing a user to reset their password due to a suspected security breach; Initiating a password reset as part of an organization's security policy; Enforcing a password change after a system compromise |
| Microsoft 365 Defender for Azure Active Directory activities | Revoked refresh token | The activity is recorded when a user or system revokes a refresh token in Microsoft 365 Defender for Azure Active Directory, often as a security measure to invalidate an active session or re-authenticate a user. | Revoking a refresh token to terminate a user's session; Revoking a refresh token after suspicious activity is detected; Inactivating a refresh token to enforce re-authentication |
| Vfam policy activities | Vfam create policy | The activity is recorded when a user or system creates a new policy within the Vfam system, often as part of a governance or compliance framework. | Creating a new policy in the Vfam system; Defining new rules or guidelines for content management; Establishing compliance requirements through policy creation |
| Vfam policy activities | Vfam update policy | The activity is recorded when a user or system updates an existing policy within the Vfam system, often involving adjustments to rules or compliance settings. | Modifying an existing policy in the Vfam system; Changing the compliance rules within a policy; Updating the scope or criteria of a policy |
| Vfam policy activities | Vfam delete policy | The activity is recorded when a user or system deletes an existing policy from the Vfam system, potentially removing its rules or compliance settings from the organization. | Deleting an existing policy from the Vfam system; Removing a policy that is no longer applicable; Reversing the enforcement of certain rules by deleting a policy |
| Microsoft Defender for Identity audited activities | Portal login authorization | The activity is recorded when a user or system attempts to log in to a portal, verifying their identity and granting access based on their credentials or authorization settings. | User successfully logs into the portal after providing valid credentials; System grants access to the portal based on authentication settings; Portal login request is authorized and user gains access to the resources |
| Workspace management activities | Workspace Poc mode was updated | The activity is recorded when a user or system updates the Proof of Concept (PoC) mode within the workspace. | Enabling or disabling PoC mode in the workspace settings; Updating workspace PoC configuration |
| Security alert management activities | Security alert status was updated | The activity is recorded when a user or system updates the status of a security alert. | Changing a security alert status from 'New' to 'Resolved'; Updating the severity or priority of a security alert |
| Security reporting activities | Security alert excel was updated | The activity is recorded when a security alert report in Excel format is updated. | Updating an Excel file with new security alert information; Editing or modifying the contents of a security alert Excel report |
| Security monitoring activities | Security alert was received | The activity is recorded when a new security alert is triggered and received by the system. | Receiving a new security alert from a monitoring tool; System detecting an event that triggers a security alert |
| Security monitoring activities | Security domain controller coverage excel was downloaded | The activity is recorded when the security domain controller coverage Excel file is downloaded. | Downloading the Excel file containing domain controller coverage data; Exporting security coverage details in Excel format |
| Sensor management activities | Sensor was deleted | The activity is recorded when a sensor is deleted from the system. | Deleting a security sensor from the monitoring system; Removing a deployed sensor from the infrastructure |
| Sensor management activities | Sensor configuration was updated | The activity is recorded when the configuration of a security sensor is updated. | Modifying the configuration settings of a deployed sensor; Updating sensor parameters for monitoring |
| Sensor management activities | Sensor was created | The activity is recorded when a new sensor is created and added to the system for monitoring. | Creating a new sensor for threat detection; Adding a new sensor to the security monitoring system |
| Access control activities | Urbac mode was enabled | The activity is recorded when the User and Role-based Access Control (URBAC) mode is enabled in the system. | Activating URBAC mode for security management; Enabling role-based access restrictions for users |
| Access control activities | Urbac mode was disabled | The activity is recorded when the User and Role-based Access Control (URBAC) mode is disabled. | Disabling URBAC mode for security management; Removing role-based access control restrictions |
| Access control activities | Urbac mode was changed | The activity is recorded when there is a change in the configuration of URBAC mode. | Switching URBAC settings from restricted to open access; Changing URBAC role configurations |
| Workspace management activities | Workspace was created | The activity is recorded when a new workspace is created. | Creating a new workspace for project collaboration; Setting up a new workspace for data storage |
| Workspace management activities | Workspace was deleted | The activity is recorded when a workspace is deleted from the system. | Deleting an unused or obsolete workspace; Removing a workspace from the system |
| Incident management activities | Remediation action was added | The activity is recorded when a new remediation action is added to the system for incident resolution. | Adding a new action to resolve a security incident; Creating a remediation action for a detected vulnerability |
| Incident management activities | Remediation action was updated | The activity is recorded when a remediation action is updated. | Updating the details or status of an ongoing remediation action; Modifying an existing remediation action to address a new incident |
| Incident management activities | Remediation action configuration received | The activity is recorded when the configuration for a remediation action is received by the system. | Receiving configuration details for an automated remediation action; System receiving inputs for a new remediation process |
| Incident management activities | Remediation action configuration updated | The activity is recorded when the configuration for a remediation action is updated. | Modifying the configuration of an existing remediation action; Updating parameters or settings for a remediation process |
| Sensor management activities | Sensor deployment key was updated | The activity is recorded when the deployment key for a sensor is updated. | Updating the key used for deploying a sensor to the system; Changing the deployment key for security sensor installation |
| Monitoring alert management activities | Monitoring alert was updated | The activity is recorded when the status or details of a monitoring alert are updated. | Updating the priority or severity of a monitoring alert; Changing the status or assigning a response team to a monitoring alert |
| VPN management activities | Vpn configuration was updated | The activity is recorded when the VPN configuration settings are updated. | Changing VPN connection settings for remote users; Updating the configuration of VPN access policies |
| Security alert management activities | Security alert was deleted | The activity is recorded when a security alert is deleted from the system. | Removing a false positive security alert; Deleting an old or resolved security alert |
| Security alert management activities | Security alert was updated | The activity is recorded when a security alert's status, priority, or details are updated. | Updating the status or severity of a security alert; Modifying the details or assigning a new response to an alert |
| Security alert sharing activities | Security alert was shared via email | The activity is recorded when a security alert is shared with one or more recipients via email. | Sending a security alert to stakeholders via email; Forwarding a security alert to a security team or administrator |
| Entity management activities | Unique entity list was received | The activity is recorded when a unique entity list is received by the system for analysis or processing. | Receiving a list of unique entities for further analysis; Ingesting data related to entities from an external source |
| Alert management activities | Alert notification recipient was deleted | The activity is recorded when an alert notification recipient is deleted from the system. | Removing a recipient from the list of alert notification recipients; Deleting a user or group who receives security alert notifications |
| Security configuration activities | Exclusion configuration was deleted | The activity is recorded when an exclusion configuration is deleted from the security system. | Deleting an exclusion rule from security monitoring settings; Removing an exclusion configuration for specific files or activities |
| Alert management activities | Alert notification recipient was added | The activity is recorded when a new recipient is added to the list of alert notification recipients. | Adding a user or group as a recipient of security alert notifications; Including a new recipient to receive system-generated alerts |
| Security configuration activities | Exclusion configuration was added | The activity is recorded when a new exclusion configuration is added to the security system. | Adding an exclusion rule to bypass certain security checks; Including an exclusion configuration for specific files or activities |
| Workspace management activities | Directory services account configuration was updated in workspace | The activity is recorded when the directory services account configuration is updated within a workspace. | Updating account settings for directory services within the workspace; Changing directory access configurations in the system |
| Security configuration activities | Security exclusion configuration was updated | The activity is recorded when the security exclusion configuration is updated in the system. | Modifying the security exclusion rules; Updating security settings for exclusion of certain processes or files |
| Security notification management activities | Security notification configuration was updated | The activity is recorded when the configuration for security notifications is updated. | Updating settings for who receives security notifications; Changing notification preferences for alerts and events |
| Logging and monitoring activities | Syslog notification configuration was updated | The activity is recorded when the Syslog notification configuration is updated. | Modifying Syslog notification settings; Updating how the system logs and notifies security events |
| Logging and monitoring activities | Syslog service configuration was updated | The activity is recorded when the Syslog service configuration is updated. | Changing configuration settings for Syslog service; Updating Syslog server details or communication settings |
| Tagging configuration management activities | User asked to update tagging configuration | The activity is recorded when a user requests an update to the tagging configuration for a system or resource. | A user requesting changes to the system's tagging configuration; Updating tags for organizational or security purposes |
| Alert management activities | Monitoring alert notification recipient was added | The activity is recorded when a new recipient is added to the list of monitoring alert notification recipients. | Adding a new user or group to receive monitoring alert notifications; Including a recipient for operational monitoring alerts |
| Alert management activities | Monitoring alert notification recipient was deleted | The activity is recorded when a recipient is deleted from the monitoring alert notification list. | Removing a user or group from receiving monitoring alert notifications; Deleting a recipient from the monitoring notification system |
| Localization management activities | Localization configuration was updated | The activity is recorded when the localization configuration settings are updated in the system. | Modifying language settings or regional preferences; Updating the configuration for different language options in the system |
| Portal management activities | Mtp portal redirection updated | The activity is recorded when the redirection settings for the MTP portal are updated. | Changing the URL or configuration for MTP portal redirection; Updating redirection rules to a new portal or location |
| User management activities | Deleted account was anonymized | The activity is recorded when a deleted user account is anonymized in the system. | Anonymizing data associated with a deleted user account; Removing personal information from a deleted account while retaining the data |
| License management activities | Urbac license status received | The activity is recorded when the URBAC license status is received or updated. | Receiving a report on the status of URBAC licenses; Checking the status of active URBAC licenses |
| Workspace management activities | Workspace status was received | The activity is recorded when the status of a workspace is received by the system. | Receiving an update or report on the current status of a workspace; Getting the operational status or health of a workspace |
| Configuration management activities | Reporter configuration was updated | The activity is recorded when the configuration for the reporter is updated. | Updating settings related to report generation or delivery; Modifying the reporter configuration to change report contents or recipients |
| Entity management activities | Entity remediation configuration was updated | The activity is recorded when the configuration for entity remediation is updated in the system. | Modifying the rules or policies for entity remediation; Changing settings for automated entity correction or cleanup |
| API authorization activities | Api authorization status | The activity is recorded when the status of API authorization changes, such as granting or revoking access. | Changing the authorization status for an API access request; Revoking or granting permissions for an API |
| URBAC activities | URbac HasRoles status was received | The activity is recorded when the URBAC HasRoles status is received by the system. | Receiving the current roles status for URBAC (User Role-Based Access Control); Updating role assignments for users within the system |
| Report management activities | Report was downloaded | The activity is recorded when a report is downloaded from the system. | Downloading a report file from the system; Exporting a report in a specific format |
| Workspace management activities | Workspace portal URL was received | The activity is recorded when the URL for the workspace portal is received. | Receiving the URL for accessing the workspace portal; Obtaining the link to the workspace's online interface |
| Power Platform lifecycle management | Power Platform environment lifecycle operations | The activity is recorded when an operation related to the lifecycle of a Power Platform environment is performed. | Creating a new Power Platform environment; Modifying or deleting an existing Power Platform environment |
| Environment provisioning activities | Provisioned environment | The activity is recorded when a new environment is provisioned in the system. | Creating a new environment in the platform; Setting up a new instance of an environment for use |
| Environment management activities | Deleted environment | The activity is recorded when an environment is deleted from the system. | Removing an environment from the system; Deleting an environment instance from the platform |
| Environment recovery activities | Recovered environment | The activity is recorded when an environment is recovered after a deletion or failure. | Restoring a previously deleted or failed environment; Recovering an environment to a previous operational state |
| Environment deletion activities | Hard-deleted environment | The activity is recorded when an environment is permanently deleted and cannot be recovered. | Permanently deleting an environment from the system; Removing an environment with no possibility of restoration |
| Environment management activities | Moved environment | The activity is recorded when an environment is moved from one location to another. | Transferring an environment between different regions or accounts; Relocating an environment to a new infrastructure or platform |
| Environment duplication activities | Copied environment | The activity is recorded when an environment is copied from one instance to another. | Creating a duplicate of an existing environment; Copying an environment's configuration or resources to a new location |
| Backup activities | Backed up environment | The activity is recorded when an environment is backed up for recovery purposes. | Creating a backup of an environment's configuration and data; Storing a snapshot of an environment for disaster recovery |
| Environment restoration activities | Restored environment | The activity is recorded when an environment is restored from a backup or previous state. | Restoring an environment to a previous working state; Reverting to a saved backup of an environment |
| Environment management activities | Converted environment type | The activity is recorded when the type of an environment is changed (e.g., from test to production). | Changing the environment type from development to production; Converting an environment for a different purpose or use case |
| Environment reset activities | Reset environment | The activity is recorded when an environment is reset to its initial state or configuration. | Resetting an environment to default settings; Clearing all data and configurations in an environment |
| Environment upgrade activities | Upgraded environment | The activity is recorded when an environment is upgraded to a new version or configuration. | Upgrading an environment to the latest version; Applying a patch or update to the environment |
| Encryption and key management activities | CMK-Renewed environment | The activity is recorded when the customer-managed key (CMK) for an environment is renewed. | Renewing the customer-managed encryption key for an environment; Updating the encryption key for securing data within the environment |
| Encryption and key management activities | CMK-Reverted environment | The activity is recorded when the customer-managed key (CMK) for an environment is reverted to a previous version. | Reverting the encryption key for an environment to an earlier version; Rolling back to a previous CMK for data protection |
| Environment configuration activities | Changed property on environment | The activity is recorded when a property of an environment is changed (e.g., settings, configurations, etc.). | Modifying a setting or configuration property for an environment; Updating properties related to environment performance or behavior |
| Environment configuration activities | Changed setting on environment | The activity is recorded when a setting within an environment is changed. | Changing configuration settings related to security, performance, or resources; Modifying environmental settings to adjust system behavior |
| Power Platform analytics activities | Power Platform analytics configuration operations | The activity is recorded when there are operations related to the configuration of Power Platform analytics. | Configuring analytics settings for Power Platform environments; Modifying data sources or reporting settings within Power Platform analytics |
| Power Platform analytics activities | Updated analytics tenant setting | The activity is recorded when the analytics tenant settings are updated within Power Platform or a related system. | Changing the analytics settings for a tenant; Updating tenant-wide reporting or data collection settings |
| Application Insights management activities | Created application insights data export instance | The activity is recorded when an application insights data export instance is created. | Setting up a new data export instance for Application Insights; Creating an export configuration to send Application Insights data to another system |
| Application Insights management activities | Deleted application insights data export instance | The activity is recorded when an application insights data export instance is deleted. | Removing a previously created data export instance from Application Insights; Deleting a configured export configuration for Application Insights data |
| Data lake management activities | Created data lake data export instance | The activity is recorded when a data lake data export instance is created. | Setting up a new data export instance for data lakes; Configuring data export to a data lake for long-term storage |
| Data lake management activities | Deleted data lake data export instance | The activity is recorded when a data lake data export instance is deleted. | Removing a data export instance from a data lake; Deleting a configuration for exporting data to a data lake |
| Purview data policy activities | Created Purview data policy | The activity is recorded when a user or system creates a Purview data policy for managing data classification and governance. | Creating a new data policy within Microsoft Purview; Setting up a policy to govern data classification and protection; Configuring rules for data governance within Microsoft Purview |
| Purview data policy activities | Updated Purview data policy | The activity is recorded when a user or system modifies an existing Purview data policy that governs data classification, access, or compliance rules. | Changing access permissions in a data policy; Modifying classification rules; Updating conditions or scope of an existing policy |
| Purview data policy activities | Deleted Purview data policy | The activity is recorded when a user or system deletes an existing Purview data policy. | Removing outdated data governance policies; Deleting unused or misconfigured Purview policies |
| Purview data policy activities | Published Purview data policy | The activity is recorded when a user or system publishes a Purview data policy to enforce it across targeted resources. | Publishing a newly created data policy for use; Making a draft policy active in Microsoft Purview |
| Purview data policy activities | Unpublished Purview data policy | The activity is recorded when a user or system unpublishes an active Purview data policy, making it inactive. | Disabling a data policy temporarily; Rolling back changes in data governance enforcement |
| Purview metadata policy activities | Created metadata policy | The activity is recorded when a user or system creates a metadata policy to define how metadata is handled, stored, or protected in Microsoft Purview. | Creating policies to control metadata visibility; Defining classification rules based on metadata attributes |
| Purview metadata policy activities | Updated metadata policy | The activity is recorded when a user or system updates an existing metadata policy in Microsoft Purview. | Changing metadata visibility settings; Modifying attribute-based rules for metadata policies |
| Unified App Management activities | Changed app availability | The activity is recorded when a user or system updates the availability status of an app, which affects whether the app is accessible or visible to users in the organization. | Marking an app as available in the organization’s app catalog; Hiding an app from users; Restricting app availability to specific user groups; Temporarily disabling app access |
| Unified App Management activities | Changed tenant defaults | The activity is recorded when a user or system modifies the default settings or configurations at the tenant level, which can impact organization-wide behaviors and policies. | Changing default app visibility settings; Updating tenant-wide compliance settings; Altering tenant-level permissions for app management |
| Unified App Management activities | Changed app state | The activity is recorded when a user or system changes the operational state of an app, such as enabling, disabling, or retiring it within the organizational environment. | Disabling a deprecated app; Enabling a newly approved app; Changing an app's lifecycle status to 'retired' |
| Unified App Management activities | Changed app deployment | The activity is recorded when a user or system modifies the deployment configuration of an app, affecting how and where the app is distributed across the organization. | Deploying an app to a new group of users; Removing an app from a specific department; Changing deployment method from manual to automatic |
Microsoft Purview is a game-changing solution for modern data governance, offering a unified approach to managing, protecting, and maximizing the value of your data. Whether you're looking to understand its fundamentals, explore its powerful features, or learn how it simplifies administrative workflows, Purview equips organizations with the tools needed to thrive in a data-driven world. Take control of your data with confidence, streamline compliance, and unlock new opportunities for growth.