LOG-06MediumEnhanced Security
Sign-In Log Anomaly Baseline
Logging & Visibility control for Microsoft 365 and Entra ID
Why This Control Matters
Without a baseline of normal activity, you cannot detect anomalous behavior. Establishing what "normal" looks like enables detection of unauthorized role assignments, policy changes, and consent grants.
Expected State
When this control is compliant, your tenant should meet these criteria:
- 1Baseline of normal privileged operations is established
- 2Unusual spikes in role changes or CA modifications are detected
- 3SIEM integration provides continuous anomaly monitoring
Enforcement
Default Mode
Advisory
Alerts on deviations but does not make changes
Auto-Remediation
Manual Only
Advisory analysis based on audit log patterns. SIEM integration recommended.
Ready to implement this control?
TrueConfig continuously monitors your Microsoft 365 tenant for compliance with this and 50+ other security controls.