LOG-01: Enable Unified Audit Logging

Frequently asked questions about implementing and managing the LOG-01 security control in Microsoft 365 and Entra ID.

Q
What is LOG-01 (Enable Unified Audit Logging)?
A

LOG-01 is a security control that requires the unified audit log to be enabled in Microsoft Purview and sign-in logs to be enabled in Entra ID, with the default retention (90 days for E3, 1 year for E5) active. Without audit logs, you cannot detect compromises, investigate incidents, or meet compliance requirements. Logs are your forensic evidence and early warning system.

Related controls: LOG-01
Q
Why is Enable Unified Audit Logging important for Microsoft 365 security?
A

Without audit logs, you cannot detect compromises, investigate incidents, or meet compliance requirements. Logs are your forensic evidence and early warning system.

Related controls: LOG-01
Q
How do I implement LOG-01 in my tenant?
A

LOG-01 requires manual implementation. It needs Microsoft Purview admin access and cannot be evaluated via the Graph API.

Related controls: LOG-01
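One way to check the unified audit log setting from Exchange Online PowerShell, added here as an example that is not part of the original page or TrueConfig's tooling. It assumes the ExchangeOnlineManagement module is installed and the signed-in admin holds the Audit Logs role; the `-Enable` switch is a hypothetical parameter of this script.

```powershell
# Added example: check (and optionally enable) unified audit log ingestion.
# -Enable is a hypothetical switch defined by this script, not a Microsoft parameter.
param(
    [switch]$Enable
)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

try {
    # Must run against Exchange Online PowerShell. In Security & Compliance
    # PowerShell the same property always reads False, which gives a false negative.
    $config = Get-AdminAuditLogConfig

    if ($config.UnifiedAuditLogIngestionEnabled) {
        Write-Output "LOG-01: unified audit log ingestion is enabled."
    }
    elseif ($Enable) {
        Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
        Write-Output "LOG-01: ingestion turned on. The change can take up to 60 minutes to apply."
    }
    else {
        Write-Warning "LOG-01: unified audit log ingestion is DISABLED. Re-run with -Enable to turn it on."
    }

    # Evidence check: the setting can be on while nothing is searchable yet,
    # so confirm that records from the last 24 hours actually come back.
    $end    = Get-Date
    $start  = $end.AddDays(-1)
    $recent = @(Search-UnifiedAuditLog -StartDate $start -EndDate $end -ResultSize 5)

    if ($recent.Count -gt 0) {
        Write-Output ("Audit search returned {0} record(s); newest at {1:u}." -f `
            $recent.Count, ($recent | Sort-Object CreationDate -Descending)[0].CreationDate)
    }
    else {
        Write-Warning "Audit search returned no records for the last 24 hours."
    }
}
finally {
    Disconnect-ExchangeOnline -Confirm:$false
}
```

Sign-in log availability and retention in Entra ID are not covered by this check and still need to be confirmed in the portal.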
Q
What license do I need for LOG-01?
A

This control can be implemented with any Microsoft 365 subscription, including free Azure AD.

Related controls: LOG-01
Q
Which security baseline includes LOG-01?
A

LOG-01 is included in the TrueConfig Recommended Secure baseline (Level 1). This is the foundation level suitable for most organizations.

Related controls: LOG-01
