MS.DEFENDER.6.2v1 - Microsoft Purview Audit (Premium) logging SHALL be enabled for ALL users.

Information

Standard logging may not include relevant details necessary for visibility into user actions during an incident. Enabling Microsoft Purview Audit (Premium) captures additional event types not included with Standard. Furthermore, it is required for government agencies by OMB M-21-31 (referred to therein by its former name, Unified Audit Logs w/Advanced Features).

Solution

To set up Microsoft Purview Audit (Premium), see [Set up Microsoft Purview Audit (Premium) | Microsoft Learn](https://learn.microsoft.com/en-us/purview/audit-premium-setup?view=o365-worldwide).

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|AC-16, 800-53|AC-17, 800-53|AC-18, 800-53|AC-19, 800-53|CA-7, 800-53|CM-2, 800-53|CM-6, 800-53|CP-6, 800-53|CP-7, 800-53|CP-9, 800-53|SC-4, 800-53|SC-36, 800-53|SI-3, 800-53|SI-4, 800-53|SI-7, 800-53|SI-12

Plugin: microsoft_azure

Control ID: af07e60cada7167b55ada04c8c7d3a87ebaa836efb4bd0c5a8671dcf8650d134