cisagov / ScubaGear

Automation to assess the state of your M365 tenant against CISA's baselines
https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project
Creative Commons Zero v1.0 Universal

Review Microsoft unified auditing changes #474

Open schrolla opened 1 year ago

schrolla commented 1 year ago

💡 Summary

Microsoft has announced changes to their unified auditing and logging capability that will change what event types are logged by default and available to be logged, such that event types previously only available to E5/G5 or add-on licensing for Purview (Premium) will now be logged under E3/G3 or Purview (Standard) starting September 2023, as noted here. This enhancement is meant to test and validate the specific event types that changed and propose baseline and assessment changes under those changes.

Motivation and context

Auditing and logging M365 events is an important part of securing M365 services, detecting potential security events, and responding to incidents. Accurately understanding which audit events are logged at different licensing levels, both by default and which are available but disabled, is important to recommend audit policy changes and determine if advanced auditing is still needed as part of minimum standards.

Implementation notes

This exploration should include the following:

Acceptance criteria

How do we know when this work is done?

schrolla commented 11 months ago

Revisit after Flipper (in Feb) and plan into sprints then.

schrolla commented 2 weeks ago

Overlaps with existing #1072. @schrolla Rework this content into active epic and close this out when complete.