LOG-01HighRecommended Secure

Enable Unified Audit Logging

Logging & Visibility control for Microsoft 365 and Entra ID

Why This Control Matters

Without audit logs, you cannot detect compromises, investigate incidents, or meet compliance requirements. Logs are your forensic evidence and early warning system.

Expected State

When this control is compliant, your tenant should meet these criteria:

1Unified Audit Log is enabled in Microsoft Purview
2Sign-in logs are enabled in Entra ID
3Default retention (90 days for E3, 1 year for E5) is active

Enforcement

Default Mode

Advisory

Alerts on deviations but does not make changes

Auto-Remediation

Manual Only

Requires Microsoft Purview admin access - cannot be evaluated via Graph API

Ready to implement this control?

TrueConfig continuously monitors your Microsoft 365 tenant for compliance with this and 50+ other security controls.