Office 365 Security Owner todayJuly 29, 2019
The Office 365 audit log collects records from different workloads. Then these records are normalized to be in the same common field. The common fields are governed by a set of schemas.
This is a sensible approach. Audit information is always different. So the creation of a new group is needed. But there is a downside to this process. This is a normalization process. Mostly some interesting information that a workload capture does not make it into the Office 365 audit log.
Hence, it is good to govern the fields with a set of schema.
Written by: Owner