Provide a way to audit EDP logs for BYOD Devices
Provide a method to audit changes in file status from Work to Personal on MDM-joined devices when Allow Override is enabled.
The solution will be to advise the users that logging will be enabled and that only the EDP logs related to WIP management will be captured for audit purposes. We will then push syslog-ng, provided by a company called Balabit. This will use a TLS certificate and an external service to receive the logs. Reports will be generated and logging events will be captured for devices.
It would be nice if Microsoft could automate a similar process, moving the data into Graph. An Intune setting could be configured to enable the feature, which would integrate a popup / notification for the users that this was being captured.