How to Fix: Enable Unified Audit Logging
Step-by-step guide to implement enable unified audit logging in your Microsoft 365 environment.
Free baseline scan · No credit card · 5 minute setup
20-30 minutes
Estimated Time
4
Steps
high
Severity
Recommended Secure
Baseline Level
Why This Matters
Without audit logs, you cannot detect compromises, investigate incidents, or meet compliance requirements. Logs are your forensic evidence and early warning system.
Prerequisites
- 1Global Administrator or appropriate admin role in Microsoft Entra ID
- 2Access to Microsoft Entra admin center (entra.microsoft.com)
Expected Configuration
- Unified Audit Log is enabled in Microsoft Purview
- Sign-in logs are enabled in Entra ID
- Default retention (90 days for E3, 1 year for E5) is active
Remediation Steps
Review Current Configuration
Assess your current configuration in Microsoft Entra admin center.
- •Navigate to the relevant section in Entra admin center
- •Document current settings
- •Compare against expected state
Plan Implementation
Determine the changes needed to meet the expected configuration.
- •Review expected configuration requirements
- •Identify affected users or resources
- •Plan rollout strategy
Implement Changes
Apply the necessary configuration changes.
- •Make required configuration updates
- •Apply to appropriate scope
- •Document changes made
Validate and Monitor
Verify the changes are working as expected.
- •Run TrueConfig scan to verify compliance
- •Test affected functionality
- •Set up ongoing monitoring
Related Resources
Automate Your Security Configuration
TrueConfig scans your Microsoft 365 environment on a schedule you control and, with safety gates, can fix configuration drift automatically. Start your free trial today.
Start Free Trial