#skype4b Audit Change Tracking Management?

With the right administrative permissions, a #skype4b administrator can add new or modify existing policies and global configuration settings. Every team member is happy when things go according to plan. If a system-wide or scope-level setting[1] goes awry, your end-users will likely be your most reliable “first level alarm” system. In this case, any remedial actions will visibly affect respective services or users in the firm.

Likewise, a Skype for Business enabled user…… can be configured with unique values for attribute settings such as LineURI and SipAddress. Others involve assigning user or tag scope policy from the likes of VoicePolicy or DialPlan. Changes generally affect each user individually although any policy rollout can touch multiple users correspondingly.

Either way, there is no out-of-box change audit mechanism in Skype for Business Server. In order words, a successful modification provides no clue of the identity of the real person or automated script behind it. There is no record or audit trail of when exactly a change was made whatsoever in a #skype4b on-premise system either.

For user level settings, you could inspect the whenChanged datetime property returned by Get-CsUser as a change indicator. Nevertheless, beware that this is not foolproof since it can happen that other properties continue to maintain or get set back to their original values (after an edit), including the granting and revokation of #skype4b policies.

You can convince yourself by first saving a user’s state, make an explicit change to 1 or more properties, save and then revert back before running Compare-Object[2] to observe this behaviour.

In the absense of a third party solution, you can save an “as-is” snapshot for historical archiving of important system and user settings to aid IT support, troubleshooting, and auditing and change management. By comparing the logs based on a timeline, you can determine what might have changed in the given period.

This approach is straightforward and can be easier to manage than using Export-CsUserData, for instance, which invokes working with .zip and multiple files in the XML data format.

[1] global,site or service (pool) scope level
[2] at the object’s property level

Leave a Reply