WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), in close coordination with the Office of Management and Budget (OMB), Office of the National Cyber Director (ONCD), and Microsoft, announced the release of the Microsoft Expanded Cloud Log Implementation Playbook. This guidance helps public and private sector organizations using Microsoft Purview Audit (Standard) to operationalize newly available cloud logs as an actionable part of their enterprise cybersecurity operations.
The playbook provides guidance on each newly available log and how these logs can be enabled and operationalized to support threat hunting and incident-response operations. It provides organizations with scenario-based analysis of the common tactics related to identity-based compromises. It also provides best practices for navigating M365 logs and performing the administrator actions that enable the logs, to help cyber defenders detect malicious activity.