Help Center

Find help articles, support information and more.

Audit Vault for M365 Tenant Privacy Settings Guide


Introduction:

Some organizations—particularly those operating in regulated industries or in regions with strict privacy laws—may choose to limit the visibility of certain data points in audit logs. For example, IP addresses or machine names may be considered sensitive and not appropriate to share with all users reviewing audit activity. The Tenant Privacy Settings page provides Company Administrators with the ability to enforce such privacy rules consistently across their tenant.

This feature allows your organization to define and enable a tenant-wide privacy policy, which restricts specific fields from appearing in the Audit Log Detail view within Audit Vault for M365.


What you'll learn:
  • How to enable the Privacy Settings on your Tenant's profile in Audit Vault for M365.
  • How to configure your Privacy Settings.
Prerequisites:

Before you begin, make sure the following is already set up:

  • Audit Vault for M365 has been successfully configured for your organization.
  • Your Microsoft 365 tenant is properly connected to Audit Vault.


Tenant Privacy Settings:


When the Tenant Privacy Policy is enabled, selected fields are fully hidden from all users, except for those with the authority to modify the policy itself (i.e., Company Administrators). This helps ensure that sensitive information—such as user IP addresses, machine identifiers, or email metadata—is not exposed inadvertently through the audit trail.

By default, the Privacy Policy is disabled. No fields are hidden unless the policy is explicitly turned on and configured.
1. Enable the Tenant Privacy Policy

Only Company Administrators can enable or disable the privacy policy. This action is tenant-wide and once enabled, the system begins enforcing field restrictions across all users.

  • Navigate to the Tenant Privacy Settings page.
  • Toggle the switch to Enable Privacy Policy.

Note: Enabling the policy does not immediately hide any fields—it only activates the ability to restrict them.

By default, the Privacy Policy is disabled. No fields are hidden unless the policy is explicitly turned on and configured.
2. Configure Restricted Fields by Workload

Once the policy is enabled, you can configure which fields should be hidden in the audit logs. Restrictions are set per workload, giving you fine-grained control over privacy enforcement.

Examples:

To restrict fields:

  1. Select the desired Workload (e.g., SharePoint, Exchange, Teams).
  2. Select the desired field to restrict from the available list.
  3. Click Add and the field will be added to the restricted list for that workload.

Once a field is marked as restricted, it is no longer visible to any users in Audit Log Detail views.


3. Modify or Remove Restrictions

At any time, a Company Administrator can:

  • Add or remove restricted fields
  • Disable the privacy policy entirely
Who Can Make Changes?

Only users assigned the Company Administrator role can:

  • Enable or disable the tenant privacy policy
  • Select which fields are restricted per workload

End users or auditors without this role cannot view or modify the privacy settings.


Best Practices

To get the most out of Audit Vault for M365 privacy settings, it's important to consider the following:

The Tenant Privacy Settings feature empowers organizations to meet internal and external privacy requirements by controlling the visibility of sensitive data within audit logs. It offers flexibility, security, and centralized control—ensuring only necessary information is shared during audit reviews.


Need Help? Reach out to support by clicking the button below.

Contact Us »