mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 18:33:43 +00:00
cleaned up code blocks
This commit is contained in:
Patti Short
@ -65,86 +65,86 @@ Here are a few examples of responses from the Reporting CSP.
|
||||
|
||||
#### File ownership on a file is changed from work to personal
|
||||
```
|
||||
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
||||
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
||||
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
||||
<Log ProviderType="EDPAudit" LogType="ProtectionRemoved" TimeStamp="131357166318347527">
|
||||
<Policy>Protection removed</Policy>
|
||||
<Justification>NULL</Justification>
|
||||
<FilePath>C:\Users\TestUser\Desktop\tmp\demo\Work document.docx</FilePath>
|
||||
</Log>
|
||||
</User>
|
||||
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
||||
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
||||
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
||||
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
||||
<Log ProviderType="EDPAudit" LogType="ProtectionRemoved" TimeStamp="131357166318347527">
|
||||
<Policy>Protection removed</Policy>
|
||||
<Justification>NULL</Justification>
|
||||
<FilePath>C:\Users\TestUser\Desktop\tmp\demo\Work document.docx</FilePath>
|
||||
</Log>
|
||||
</User>
|
||||
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
||||
```
|
||||
|
||||
#### A work file is uploaded to a personal webpage in Edge
|
||||
```
|
||||
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
||||
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
||||
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
||||
<Log ProviderType="EDPAudit" LogType="DataCopied" TimeStamp="131357192409318534">
|
||||
<Policy>CopyPaste</Policy>
|
||||
<Justification>NULL</Justification>
|
||||
<SourceApplicationName>NULL</SourceApplicationName>
|
||||
<DestinationEnterpriseID>NULL</DestinationEnterpriseID>
|
||||
<DestinationApplicationName>mail.contoso.com</DestinationApplicationName>
|
||||
<DataInfo>C:\Users\TestUser\Desktop\tmp\demo\Work document.docx</DataInfo>
|
||||
</Log>
|
||||
</User>
|
||||
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
||||
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
||||
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
||||
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
||||
<Log ProviderType="EDPAudit" LogType="DataCopied" TimeStamp="131357192409318534">
|
||||
<Policy>CopyPaste</Policy>
|
||||
<Justification>NULL</Justification>
|
||||
<SourceApplicationName>NULL</SourceApplicationName>
|
||||
<DestinationEnterpriseID>NULL</DestinationEnterpriseID>
|
||||
<DestinationApplicationName>mail.contoso.com</DestinationApplicationName>
|
||||
<DataInfo>C:\Users\TestUser\Desktop\tmp\demo\Work document.docx</DataInfo>
|
||||
</Log>
|
||||
</User>
|
||||
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
||||
```
|
||||
|
||||
#### Work data is pasted into a personal webpage
|
||||
```
|
||||
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
||||
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
||||
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
||||
<Log ProviderType="EDPAudit" LogType="DataCopied" TimeStamp="131357193734179782">
|
||||
<Policy>CopyPaste</Policy>
|
||||
<Justification>NULL</Justification>
|
||||
<SourceApplicationName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT OFFICE 2016\WINWORD.EXE\16.0.8027.1000</SourceApplicationName>
|
||||
<DestinationEnterpriseID>NULL</DestinationEnterpriseID>
|
||||
<DestinationApplicationName>mail.contoso.com</DestinationApplicationName>
|
||||
<DataInfo>EnterpriseDataProtectionId|Object Descriptor|Rich Text Format|HTML Format|AnsiText|Text|EnhancedMetafile|Embed Source|Link Source|Link Source Descriptor|ObjectLink|Hyperlink</DataInfo>
|
||||
</Log>
|
||||
</User>
|
||||
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
||||
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
||||
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
||||
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
||||
<Log ProviderType="EDPAudit" LogType="DataCopied" TimeStamp="131357193734179782">
|
||||
<Policy>CopyPaste</Policy>
|
||||
<Justification>NULL</Justification>
|
||||
<SourceApplicationName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT OFFICE 2016\WINWORD.EXE\16.0.8027.1000</SourceApplicationName>
|
||||
<DestinationEnterpriseID>NULL</DestinationEnterpriseID>
|
||||
<DestinationApplicationName>mail.contoso.com</DestinationApplicationName>
|
||||
<DataInfo>EnterpriseDataProtectionId|Object Descriptor|Rich Text Format|HTML Format|AnsiText|Text|EnhancedMetafile|Embed Source|Link Source|Link Source Descriptor|ObjectLink|Hyperlink</DataInfo>
|
||||
</Log>
|
||||
</User>
|
||||
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
||||
```
|
||||
|
||||
#### A work file is opened with a personal application
|
||||
```
|
||||
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
||||
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
||||
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
||||
<Log ProviderType="EDPAudit" LogType="ApplicationGenerated" TimeStamp="131357194991209469">
|
||||
<Policy>NULL</Policy>
|
||||
<Justification></Justification>
|
||||
<Object>C:\Users\TestUser\Desktop\tmp\demo\Work document.docx</Object>
|
||||
<Action>1</Action>
|
||||
<SourceName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT® WINDOWS® OPERATING SYSTEM\WORDPAD.EXE\10.0.15063.2</SourceName>
|
||||
<DestinationEnterpriseID>Personal</DestinationEnterpriseID>
|
||||
<DestinationName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT® WINDOWS® OPERATING SYSTEM\WORDPAD.EXE\10.0.15063.2</DestinationName>
|
||||
<Application>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT® WINDOWS® OPERATING SYSTEM\WORDPAD.EXE\10.0.15063.2</Application>
|
||||
</Log>
|
||||
</User>
|
||||
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
||||
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
||||
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
||||
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
||||
<Log ProviderType="EDPAudit" LogType="ApplicationGenerated" TimeStamp="131357194991209469">
|
||||
<Policy>NULL</Policy>
|
||||
<Justification></Justification>
|
||||
<Object>C:\Users\TestUser\Desktop\tmp\demo\Work document.docx</Object>
|
||||
<Action>1</Action>
|
||||
<SourceName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT® WINDOWS® OPERATING SYSTEM\WORDPAD.EXE\10.0.15063.2</SourceName>
|
||||
<DestinationEnterpriseID>Personal</DestinationEnterpriseID>
|
||||
<DestinationName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT® WINDOWS® OPERATING SYSTEM\WORDPAD.EXE\10.0.15063.2</DestinationName>
|
||||
<Application>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT® WINDOWS® OPERATING SYSTEM\WORDPAD.EXE\10.0.15063.2</Application>
|
||||
</Log>
|
||||
</User>
|
||||
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
||||
```
|
||||
|
||||
#### Work data is pasted into a personal application
|
||||
```
|
||||
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
||||
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
||||
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
||||
<Log ProviderType="EDPAudit" LogType="DataCopied" TimeStamp="131357196076537270">
|
||||
<Policy>CopyPaste</Policy>
|
||||
<Justification>NULL</Justification>
|
||||
<SourceApplicationName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT OFFICE 2016\WINWORD.EXE\16.0.8027.1000</SourceApplicationName>
|
||||
<DestinationEnterpriseID>NULL</DestinationEnterpriseID>
|
||||
<DestinationApplicationName></DestinationApplicationName>
|
||||
<DataInfo>EnterpriseDataProtectionId|Object Descriptor|Rich Text Format|HTML Format|AnsiText|Text|EnhancedMetafile|Embed Source|Link Source|Link Source Descriptor|ObjectLink|Hyperlink</DataInfo>
|
||||
</Log>
|
||||
</User>
|
||||
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
||||
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
||||
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
||||
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
||||
<Log ProviderType="EDPAudit" LogType="DataCopied" TimeStamp="131357196076537270">
|
||||
<Policy>CopyPaste</Policy>
|
||||
<Justification>NULL</Justification>
|
||||
<SourceApplicationName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT OFFICE 2016\WINWORD.EXE\16.0.8027.1000</SourceApplicationName>
|
||||
<DestinationEnterpriseID>NULL</DestinationEnterpriseID>
|
||||
<DestinationApplicationName></DestinationApplicationName>
|
||||
<DataInfo>EnterpriseDataProtectionId|Object Descriptor|Rich Text Format|HTML Format|AnsiText|Text|EnhancedMetafile|Embed Source|Link Source|Link Source Descriptor|ObjectLink|Hyperlink</DataInfo>
|
||||
</Log>
|
||||
</User>
|
||||
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
||||
```
|
||||
|
||||
## Collect WIP audit logs by using Windows Event Forwarding (for Windows desktop domain-joined devices only)
|
||||
|
||||
Reference in New Issue
Block a user