logging

Microsoft's Expanded Cloud Logs Implementation Playbook details new logging capabilities in Microsoft Purview Audit for detecting intrusions. It allows organizations to access critical events (like mail activity) and integrate logs into SIEM systems. Aimed at technical personnel, it guides operationalizing these logs in M365 to enhance cybersecurity. Initially available to select federal agencies, now accessible for E3/G3 customers. Feedback can be directed to CISA’s FEIT.

https://www.cisa.gov/resources-tools/resources/microsoft-expanded-cloud-logs-implementation-playbook