Categories: US-Cert-Repository

CISA Releases Microsoft Expanded Cloud Logs Implementation Playbook

Today, CISA released the Microsoft Expanded Cloud Logs Implementation Playbook to help organizations get the most out of Microsoft’s newly introduced logs in Microsoft Purview Audit (Standard). This step-by-step guide enables technical personnel to better detect and defend against advanced intrusion techniques by operationalizing expanded cloud logs.

The playbook details analytical methodologies tied to using these logs. Specifically, the playbook offers:

An overview of the newly introduced logs in Microsoft Purview Audit (Standard) that enable organizations to conduct forensic and compliance investigations by accessing critical events (e.g., mail items accessed, mail items sent, and user searches in SharePoint Online and Exchange Online).
A description of administration/enabling actions and ingestion of these logs to Microsoft Sentinel and Splunk Security Information and Event Management (SIEM) systems.
A discussion of significant events in other M365 services, such as Teams.

CISA encourages organizations to use the playbook to make newly available logs an actionable part of their enterprise cybersecurity operations.

Source link

admin

Next CISA Adds One Known Exploited Vulnerability to Catalog »

Previous « Fortinet Releases Security Updates for Multiple Products

This website uses cookies.

CISA Releases Microsoft Expanded Cloud Logs Implementation Playbook

Recent Posts

CISA Adds Four Known Exploited Vulnerabilities to Catalog

Joint Advisory Issued on Protecting Against Interlock Ransomware

CISA Adds One Known Exploited Vulnerability, CVE-2025-53770 “ToolShell,” to Catalog

Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770)

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Releases Three Industrial Control Systems Advisories