Episode 103 – Microsoft 365 Unified Audit Log

In this episode, we take a comprehensive plunge into the Microsoft Purview Unified Audit log, unraveling its capacity to enable organizations in vigilant monitoring and meticulous activity tracking. Our dialogue encompasses the significance of Microsoft Purview Audit Premium, set to be free with E3 or E5 this September. We also discuss the Storm-0558 threat that took place in July 2023, and how Microsoft responded to mitigate this issue. Moreover, we outline the distinct divergences within the Audit logs, contingent on the utilization of either an E3 or E5 license.

Important links:

  1. Analysis of Storm-0558 techniques for unauthorized email access: https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/
  2. Microsoft Blog announcing the new change to audit events that are available with standard licenses: https://www.microsoft.com/en-us/security/blog/2023/07/19/expanding-cloud-logging-to-give-customers-deeper-security-visibility/?ranMID=24542&ranEAID=TnL5HPStwNw&ranSiteID=TnL5HPStwNw-HD0Iy8FEe1Ypa.QDOprQkQ&epi=TnL5HPStwNw-HD0Iy8FEe1Ypa.QDOprQkQ&irgwc=1&OCID=AIDcmm549zy227_aff_7593_1243925&tduid=%28ir__cevxmjhgxskfdzrubqrmalsqxe2xepde1rz1h9g900%29%287593%29%281243925%29%28TnL5HPStwNw-HD0Iy8FEe1Ypa.QDOprQkQ%29%28%29&irclickid=_cevxmjhgxskfdzrubqrmalsqxe2xepde1rz1h9g900
  3. Microsoft’s Threat Intelligence Blog: https://www.microsoft.com/en-us/security/blog/topic/threat-intelligence/?sort-by=newest-oldest&date=any

DOWNLOAD THIS PODCAST