Audit Log
Chronological record of activities and events for security monitoring, compliance, and forensic investigation.
What is an Audit Log?
Audit logs capture who did what, when, and where. They are essential for detecting suspicious activity, investigating security incidents, meeting compliance requirements, and understanding system behavior. Effective logging requires capturing the right events, protecting log integrity, retaining logs long enough, and having tools to analyze them.
In Microsoft 365
Azure AD provides sign-in logs (authentication events) and audit logs (configuration changes). Microsoft 365 Unified Audit Log captures events across all workloads. Logs can be exported to Azure Monitor, Microsoft Sentinel, or external SIEMs for long-term retention and analysis.
Examples
- Sign-in log entry showing failed authentication
- Audit log entry for role assignment change
- Exchange audit log for mailbox access
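The first two entry types above can be merged into one "who did what, when, and where" timeline and checked for a role assignment change that follows a run of failed sign-ins by the same account. This is an added example, not TrueConfig or Microsoft code. It assumes records shaped like the Microsoft Graph signIn and directoryAudit resources; the sample records, the helper names, and the 3-failure / 30-minute thresholds are constructed for illustration.

```python
from datetime import datetime, timedelta

def ts(s):  # timestamps arrive as ISO 8601 UTC strings
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def sign_in(when, upn, ip, code):  # builds a constructed signIn-shaped record
    return {"createdDateTime": when, "userPrincipalName": upn,
            "ipAddress": ip, "status": {"errorCode": code}}

def role_change(when, actor, target):  # builds a constructed directoryAudit-shaped record
    return {"activityDateTime": when, "activityDisplayName": "Add member to role",
            "initiatedBy": {"user": {"userPrincipalName": actor}},
            "targetResources": [{"userPrincipalName": target}]}

# Constructed sample data (documentation IP ranges, made-up accounts).
A, S = "alex@contoso.example", "sam@contoso.example"
SIGN_INS = [sign_in("2024-05-01T09:00:05Z", A, "203.0.113.7", 50126),  # 50126: bad credentials
            sign_in("2024-05-01T09:00:40Z", A, "203.0.113.7", 50126),
            sign_in("2024-05-01T09:01:10Z", A, "203.0.113.7", 50126),
            sign_in("2024-05-01T09:02:00Z", A, "203.0.113.7", 0),      # 0: success
            sign_in("2024-05-01T09:05:00Z", S, "198.51.100.4", 0)]
AUDITS = [role_change("2024-05-01T09:10:00Z", A, S),
          role_change("2024-05-01T11:00:00Z", S, A)]

def normalize(sign_ins, audits):
    """Merge both logs into one sorted timeline of (when, who, what, where)."""
    events = []
    for s in sign_ins:
        what = "sign-in ok" if s["status"]["errorCode"] == 0 else "sign-in failed"
        events.append((ts(s["createdDateTime"]), s["userPrincipalName"], what, s["ipAddress"]))
    for a in audits:
        who = a["initiatedBy"]["user"]["userPrincipalName"]
        target = a["targetResources"][0]["userPrincipalName"]
        # These constructed audit records carry no client IP, so "where" is a placeholder.
        events.append((ts(a["activityDateTime"]), who,
                       f'{a["activityDisplayName"]}: {target}', "directory"))
    return sorted(events)

def risky_role_changes(events, min_failures=3, window=timedelta(minutes=30)):
    """Role changes whose actor had >= min_failures failed sign-ins in the preceding window."""
    hits = []
    for when, who, what, _ in events:
        if not what.startswith("Add member to role"):
            continue
        failures = [e for e in events if e[1] == who and e[2] == "sign-in failed"
                    and timedelta(0) <= when - e[0] <= window]
        if len(failures) >= min_failures:
            hits.append((when.isoformat(), who, what, len(failures)))
    return hits
```
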
Related TrueConfig Controls
These controls help implement and verify audit logging in your Microsoft 365 environment.