• How to see who modified or changed a policy from within the console, and when this happened
• Seeing when a computer was moved from one policy to another
• Audit other user actions within the console

• App Control: All Supported Versions
• Microsoft Windows: All Supported Versions

1. In the console, navigate to Reports > Events
2. Add a column for 'Subtype' and click Apply
3. Add a filter for 'Subtype' 'is' 'Policy modified', and click Apply
4. Set the Max Age to 3 months for maximum visibility and click Apply
 

• This will show who modified a policy and when, but it will not show what was actually changed in most cases
• To view when an endpoint enforcement level or policy was changed add the Subtype = Computer modified
• Other Subtypes can be used for different type of events or changes
• Further information on using the Reports > Events view can be found in the User Guide for each App Control version