Review Microsoft unified auditing changes #474

Open
3 tasks
schrolla opened this issue Aug 9, 2023 · 2 comments
Labels

  • enhancement: This issue or pull request will add new or improve existing functionality
  • hands-on-prototyping: Reviewing an M365 feature by performing hands-on prototyping
@schrolla
Collaborator

schrolla commented Aug 9, 2023

💡 Summary

Microsoft has announced changes to their unified auditing and logging capability that will change what event types are logged by default and available to be logged, such that event types previously only available to E5/G5 or add-on licensing for Purview (Premium) will now be logged under E3/G3 or Purview (Standard) starting September 2023, as noted here. This enhancement is meant to test and validate the specific event types that changed and propose baseline and assessment changes under those changes.

Motivation and context

Auditing and logging M365 events is an important part of securing M365 services, detecting potential security events, and responding to incidents. Accurately understanding which audit events are logged at different licensing levels, both by default and which are available but disabled, is important to recommend audit policy changes and determine if advanced auditing is still needed as part of minimum standards.

Implementation notes

This exploration should include the following:

  • Review of updated Microsoft documentation and consulting with Microsoft on new audit policies and event inclusion in Purview Standard
  • Review of existing baseline audit policies and determination of impact
  • Hands-on prototyping and testing of new audit logging to validate new settings in commercial, gcc, and gcchigh regions
  • Set of recommendations for baseline and ScubaGear code updates IAW audit best practices and federal memos and regulations.

Acceptance criteria

How do we know when this work is done?

  • List of both default and non-default event types available at Purview Standard and Premium levels created
  • Baseline policies have been reviewed and recommendations for audit related updates logged in a pull request
  • New code changes to support baseline policy updates successfully logged as issues for prioritization and development

schrolla added the enhancement and hands-on-prototyping labels Aug 9, 2023

schrolla added this to the Backlog milestone Aug 9, 2023

@schrolla
Collaborator Author

Revisit after Flipper (in Feb) and plan into sprints then.

@schrolla
Collaborator Author

Overlaps with existing #1072. @schrolla Rework this content into active epic and close this out when complete.
