Azure / SimuLand

Understand adversary tradecraft and improve detection strategies
MIT License

Issue Enabling Audit Log Search in O365 #17

Closed. secureaf closed this issue 3 years ago

secureaf commented 3 years ago

Greetings,

Running into an issue when attempting to run the PowerShell command to enable Audit Log Search in O365:

Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true

Error message is: "The command you tried to run isn't currently allowed in your organization. To run this command, you first need to run the command: Enable-OrganizationCustomization."

Ran the suggested Enable-OrganizationCustomization command and it reported that the command was not needed because customization was already turned on.

Attempted to turn on Auditing in the O365 SCC GUI but receive an error there as well: Sorry! We couldn't update your organization settings. Please try again.

I do see the following note in the Prereqs for this section: You must be assigned the Audit Logs role in Exchange Online to turn audit log search on or off in your Microsoft 365 organization. By default, this role is assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center. Global admins in Microsoft 365 are members of the Organization Management role group in Exchange Online.

Looking in Exchange Admin Center, the single global admin account that I created when setting up the environment is in the TenantAdmins role group, and that group is assigned the Organization Management role. I did attempt to add the Admin account directly to see if that would have any impact but still the same issue for me.

Any guidance would be appreciated!

secureaf commented 3 years ago

May have resolved the issue by adding the TenantAdmins role group to the Compliance Management role group. After doing so, I was able to successfully execute the PowerShell command. Would still be curious whether this makes sense. Thanks!
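The diagnosis and workaround described in the comment above, written out as one PowerShell session. This is an added example, not code from the SimuLand project or from the issue author. It assumes the ExchangeOnlineManagement module is installed, and the admin UPN and the role group names ("TenantAdmins", "Compliance Management") are placeholders to replace with the ones in your tenant.

```powershell
# Added example (not SimuLand code). Checks who holds the "Audit Logs" role,
# nests the admin's role group under Compliance Management if it is not
# already there (the workaround from the issue), then enables unified audit
# log ingestion and verifies the result.
Import-Module ExchangeOnlineManagement

# Assumption: replace with the global admin created for the lab tenant.
$AdminUpn = 'admin@contoso.onmicrosoft.com'
$AdminRoleGroup = 'TenantAdmins'            # assumption: role group holding the admin
$TargetRoleGroup = 'Compliance Management'  # role group that carries the Audit Logs role

Connect-ExchangeOnline -UserPrincipalName $AdminUpn -ShowBanner:$false

# 1. Who effectively holds the "Audit Logs" role? This is the prerequisite the
#    SimuLand docs cite for turning audit log search on or off.
Write-Host '--- Effective holders of the Audit Logs role ---'
Get-ManagementRoleAssignment -Role 'Audit Logs' -GetEffectiveUsers |
    Select-Object RoleAssigneeName, EffectiveUserName, AssignmentMethod |
    Format-Table -AutoSize

# 2. Current state of unified audit log ingestion.
$cfg = Get-AdminAuditLogConfig
Write-Host "UnifiedAuditLogIngestionEnabled (before): $($cfg.UnifiedAuditLogIngestionEnabled)"

# 3. If the admin's role group is not yet a member of Compliance Management,
#    nest it there. Role groups may contain other role groups, which is what
#    the issue author did from the Exchange admin center.
$members = Get-RoleGroupMember -Identity $TargetRoleGroup
if ($members.Name -notcontains $AdminRoleGroup) {
    Write-Host "Adding $AdminRoleGroup to $TargetRoleGroup"
    Add-RoleGroupMember -Identity $TargetRoleGroup -Member $AdminRoleGroup
} else {
    Write-Host "$AdminRoleGroup is already a member of $TargetRoleGroup"
}

# 4. Enable ingestion only if it is off. Enable-OrganizationCustomization
#    errors when the tenant is already customized, so that error is ignored.
if (-not $cfg.UnifiedAuditLogIngestionEnabled) {
    try {
        Enable-OrganizationCustomization -ErrorAction Stop
    } catch {
        Write-Host "Enable-OrganizationCustomization: $($_.Exception.Message)"
    }
    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
}

# 5. Verify the change took effect.
$after = (Get-AdminAuditLogConfig).UnifiedAuditLogIngestionEnabled
Write-Host "UnifiedAuditLogIngestionEnabled (after): $after"

Disconnect-ExchangeOnline -Confirm:$false
```

Role group membership changes in Exchange Online are not always visible to an already-open session, so if step 4 still fails with the "isn't currently allowed" error right after step 3, disconnect, reconnect and run the script again before concluding the role change did not help. Step 1 is the useful check either way: if the admin does not show up as an effective user of the Audit Logs role, the error in the issue is the expected outcome regardless of the Organization Management membership.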

Cyb3rWard0g commented 3 years ago

I do not know why it needed that role group tbh. Thank you for reporting it. We will see if we get the same after a few deployments in other environments. We will open this back up if it is something we see across other environments.