Problem statement
We recently experienced a critical issue due to a corrupt value in one of our branding templates. We would like to find out when this occurred and who did it.
Solution
The easiest way to check this in the tenant logs is to go to the template/branding section in Inspector and click on API v2 updates logs.
For example, the search query for checking the audit of the reset_email template would be as follows:
details.request.path:"/api/v2/email-templates/reset_email" OR
details.response.body.template:"reset_email"
You might be able to determine who made the changes unless it was performed by an application (eg. a Machine-to-Machine client). Also, the tenant logs are limited based on your tenant subscription so you won’t be able to see changes older than the log retention date.