LOG-03: Stream All Security Events to SIEM in Real-Time

Frequently asked questions about implementing and managing the LOG-03 security control in Microsoft 365 and Entra ID.

Q
What is LOG-03 (Stream All Security Events to SIEM in Real-Time)?
A

LOG-03 is a security control with three requirements: all Entra ID sign-in and audit logs stream to a SIEM in real time, custom detection rules in the SIEM alert on suspicious patterns, and log retention is at least two years for compliance. Level 3 organizations that meet it can detect and respond to attacks within minutes rather than days.

Related controls: LOG-03
Q
Why is Stream All Security Events to SIEM in Real-Time important for Microsoft 365 security?
A

Real-time log streaming enables immediate threat detection and correlation across your security stack. Level 3 organizations can detect and respond to attacks within minutes, not days.

Related controls: LOG-03
Q
How do I implement LOG-03 in my tenant?
A

LOG-03 requires manual implementation; there is no single tenant setting that enables it. You need Microsoft Sentinel or an external SIEM integration, an Entra ID diagnostic setting that forwards every sign-in and audit log category to that SIEM, detection rules in the SIEM for the patterns you care about, and a retention policy of at least two years on the destination. Verify the setup by confirming that a fresh sign-in appears in the SIEM within minutes; if it does not, the control is not actually in place regardless of what the portal shows.
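The following is an added example, not code from the original page or from the vendor of this control. It implements the three LOG-03 requirements from the definition above (stream all Entra ID logs, a custom detection rule, two-year retention) when Microsoft Sentinel is the SIEM, using the Az PowerShell modules. It assumes Az.Monitor, Az.OperationalInsights and Az.SecurityInsights are installed, Connect-AzAccount has been run with sufficient privilege, and a Log Analytics workspace with Sentinel enabled already exists; the resource group, workspace and rule names are placeholders, and the tenant-level resource ID /providers/microsoft.aadiam for Entra diagnostic settings is taken from Microsoft's documentation.

```powershell
# Added example (not from the original page): configure LOG-03 with Az PowerShell.
# Assumptions: Az.Monitor, Az.OperationalInsights, Az.SecurityInsights installed;
# Connect-AzAccount already run; the workspace below exists with Sentinel enabled.
$ResourceGroup = "rg-security-prod"        # placeholder
$WorkspaceName = "law-sentinel-prod"       # placeholder
$SettingName   = "log03-entra-to-sentinel" # placeholder

$workspace = Get-AzOperationalInsightsWorkspace -ResourceGroupName $ResourceGroup -Name $WorkspaceName

# 1. Stream every Entra ID log category, not just interactive sign-ins.
#    Entra ID is tenant-scoped, so the diagnostic setting hangs off the fixed
#    resource ID /providers/microsoft.aadiam rather than a subscription resource.
$categories = @(
    "AuditLogs", "SignInLogs", "NonInteractiveUserSignInLogs",
    "ServicePrincipalSignInLogs", "ManagedIdentitySignInLogs", "ProvisioningLogs",
    "RiskyUsers", "UserRiskEvents", "RiskyServicePrincipals", "ServicePrincipalRiskEvents"
)
$logSettings = foreach ($category in $categories) {
    New-AzDiagnosticSettingLogSettingsObject -Enabled $true -Category $category
}
New-AzDiagnosticSetting -ResourceId "/providers/microsoft.aadiam" `
    -Name $SettingName -WorkspaceId $workspace.ResourceId -Log $logSettings

# 2. Two-year retention. Retention is a workspace property expressed in days.
Set-AzOperationalInsightsWorkspace -ResourceGroupName $ResourceGroup -Name $WorkspaceName -RetentionInDays 730

# 3. One scheduled analytics rule as a sample "suspicious pattern": a single IP
#    failing authentication against many distinct accounts (password spray).
#    ResultType 50126 = invalid credentials, 50053 = account locked.
$sprayQuery = @"
SigninLogs
| where ResultType in ("50126", "50053")
| summarize Targets = dcount(UserPrincipalName), Attempts = count() by IPAddress
| where Targets >= 20
"@
New-AzSentinelAlertRule -ResourceGroupName $ResourceGroup -WorkspaceName $WorkspaceName `
    -Kind Scheduled -DisplayName "LOG-03: password spray from a single IP" `
    -Query $sprayQuery -QueryFrequency (New-TimeSpan -Minutes 15) -QueryPeriod (New-TimeSpan -Hours 1) `
    -Severity High -TriggerOperator GreaterThan -TriggerThreshold 0 -Tactic CredentialAccess -Enabled $true

# 4. Verify: every category must show Enabled = True, and retention must be 730.
Get-AzDiagnosticSetting -ResourceId "/providers/microsoft.aadiam" -Name $SettingName |
    Select-Object -ExpandProperty Log | Format-Table Category, Enabled
(Get-AzOperationalInsightsWorkspace -ResourceGroupName $ResourceGroup -Name $WorkspaceName).RetentionInDays
```

After running it, generate a test sign-in and confirm it lands in the SigninLogs table within a few minutes; a diagnostic setting that shows as configured but produces no rows (typically a permissions or licensing problem) does not satisfy the control. Note that Log Analytics and Sentinel bill on data ingested, so streaming all categories for two years has a cost that should be estimated before enabling it.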

Related controls: LOG-03
Q
What license do I need for LOG-03?
A

This control requires Azure AD Premium P2 (now named Microsoft Entra ID P2), which is included in Microsoft 365 E5 or available as a standalone P2 license. If Microsoft Sentinel is used as the SIEM, it is billed separately through Azure consumption, based on the volume of data ingested and retained.

Related controls: LOG-03
Q
Which security baseline includes LOG-03?
A

LOG-03 is included in the Maximum Security baseline (Level 3). This level is designed for high-security environments and regulated industries.

Related controls: LOG-03
