While AAD logs are included in the Unified Audit Log, not all record types are. Exchange Online, for example, is associated with Exchange Admin logs, Exchange Item, and Exchange Item Aggregated record types. The same goes for Azure Information Protection and the DLP logging (along with Sensitivity Labels and Information Types).Įach category can have several record types associated with it. You need a license to see and receive Microsoft 365 Defender logs, for example. Some of the categories above give different or reduced information depending on your license type. There is also some nuance with these that we’ll briefly touch on. Thankfully, when enabling the Unified Audit Log via the Compliance Admin Center or PowerShell, you don’t need to individually turn on each of the logs for the categories shown above. To learn more in-depth at each type associated with their respective categories, this document from Microsoft can help.īelow are the different log categories/services provided through the Unified Audit Log: Rather than delving into the individual record types, we’ll focus more on the categories they fall into. Microsoft 365 Unified Audit Logs have various record types. All other tenants will need to manually enable audit logging.īefore getting into how to enable logging and verifying that logging is turned on, let’s dive into what log types you can expect to find within Microsoft 365. Microsoft 365 tenants who are licensed as Enterprise customers will have audit logging automatically enabled for their tenant. This is a cloud-based product suite by Microsoft and has many options for monitoring and compliance through their Unified Audit Log. Microsoft 365 is used by organizations around the world for email and the Office productivity suite.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |