LOG-03 | High | Maximum Security

Stream All Security Events to SIEM in Real-Time

Logging & Visibility control for Microsoft 365 and Entra ID

Why This Control Matters

Real-time log streaming enables immediate threat detection and correlation across your security stack. Level 3 organizations can detect and respond to attacks within minutes, not days.

Expected State

When this control is compliant, your tenant should meet these criteria:

  1. All Entra ID sign-in and audit logs stream to SIEM in real-time
  2. Custom detection rules alert on suspicious patterns
  3. Log retention is at least 2 years for compliance
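
One way to check criteria 1 and 3 offline, as an added example (not TrueConfig's own code): it evaluates an exported Entra ID diagnostic-settings document (the JSON shape returned by the Azure Monitor microsoft.aadiam/diagnosticSettings list call) plus a retention figure you supply for your SIEM. The category set, the function name and the sample data are assumptions made for illustration.

```python
# Log categories treated as "sign-in and audit logs". This set is an
# assumption; the control text does not enumerate categories.
REQUIRED = {"AuditLogs", "SignInLogs", "NonInteractiveUserSignInLogs",
            "ServicePrincipalSignInLogs", "ManagedIdentitySignInLogs"}
# Destinations that stream: a Log Analytics workspace (Sentinel) or an
# Event Hub (external SIEM). A storage account alone is archive only.
STREAMING_KEYS = ("workspaceId", "eventHubAuthorizationRuleId")
MIN_RETENTION_DAYS = 730  # 2 years

def evaluate(diag_settings, siem_retention_days):
    """Return a list of findings; an empty list means criteria 1 and 3 hold."""
    streamed = set()
    for setting in diag_settings.get("value", []):
        props = setting.get("properties", {})
        if not any(props.get(k) for k in STREAMING_KEYS):
            continue  # archive-only setting does not count as streaming
        for log in props.get("logs", []):
            if log.get("enabled") and log.get("category"):
                streamed.add(log["category"])
    findings = [f"category not streamed: {c}"
                for c in sorted(REQUIRED - streamed)]
    if siem_retention_days < MIN_RETENTION_DAYS:
        findings.append(f"retention {siem_retention_days}d is below "
                        f"{MIN_RETENTION_DAYS}d")
    return findings

# Constructed sample: one streaming setting that covers only two categories,
# and one storage-only setting that covers all of them. IDs are placeholders.
SAMPLE = {"value": [
    {"name": "to-sentinel", "properties": {
        "workspaceId": "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/"
                       "Microsoft.OperationalInsights/workspaces/<name>",
        "logs": [{"category": "AuditLogs", "enabled": True},
                 {"category": "SignInLogs", "enabled": True},
                 {"category": "NonInteractiveUserSignInLogs",
                  "enabled": False}]}},
    {"name": "archive-only", "properties": {
        "storageAccountId": "/subscriptions/<sub-id>/resourceGroups/<rg>/"
                            "providers/Microsoft.Storage/storageAccounts/<name>",
        "logs": [{"category": c, "enabled": True} for c in sorted(REQUIRED)]}},
]}

if __name__ == "__main__":
    for finding in evaluate(SAMPLE, siem_retention_days=90):
        print(finding)
```

The archive-only setting is ignored on purpose: logs written only to a storage account are retained but never reach the SIEM, so they do not satisfy the streaming criterion.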

Enforcement

Default Mode: Advisory
Alerts on deviations but does not make changes

Auto-Remediation: Manual Only
Requires Microsoft Sentinel or external SIEM integration

Ready to implement this control?

TrueConfig continuously monitors your Microsoft 365 tenant for compliance with this and 50+ other security controls.