The M365 unified audit log capability tracks actions taken across many of the M365 services. The log types supported depend on services in use, tenant licensing, and licenses applied to individual users. This epic is built around using identified changes to audit policies from previous work to update baseline auditing policies and associated code assessment checks, where feasible.
Motivation and context
Auditing is a critical component for monitoring SaaS usage patterns, potential misuse, and detecting threats. Based on the expanded availability of several log types previously only available to Purview Premium and the publication of the Microsoft Expanded Cloud Logs Implementation Playbook, SCuBA baselines should be reviewed and updated to keep pace with these service updates and the latest guidance.
Implementation notes
Implementing auditing policy and assessment check enhancements will include:
Reviewing previously identified baseline policy recommendations and integrating them into all relevant existing baselines
Updating assessment checks to align with policy updates and adding new checks
Acceptance criteria
The following issues are completed