Office 365 Security Owner todayJuly 29, 2019 1
The Office 365 audit log collects records from different workloads. Then these records are normalized to be in the same common field. The common fields are governed by a set of schemas.
This is a sensible approach. Audit information is always different. So the creation of a new group is needed. But there is a downside to this process. This is a normalization process. Mostly some interesting information that a workload capture does not make it into the Office 365 audit log.
Hence, it is good to govern the fields with a set of schema.
Written by: Owner