Log Audit Events.

Why This Matters

Without comprehensive audit event logging, your organization loses visibility into user activities, system changes, and potential security incidents within Microsoft 365. This blind spot can allow malicious actions to go undetected, complicating forensic investigations and compliance reporting. IT administrators should ensure audit logs are enabled to maintain a clear record of all critical operations.

What Aether365 Checks

This check verifies that audit event logging is enabled for your Microsoft 365 environment. It appears in the Aether365 dashboard under the microsoft-365 checks section, highlighting whether audit logs are actively capturing events.

How to Fix

No specific remediation steps are available for this check. To enable audit logging in Microsoft 365, navigate to the Microsoft 365 Defender portal, go to Audit, and confirm the audit log is turned on. Alternatively, use the Set-AdminAuditLogConfig PowerShell cmdlet to enable unified audit logging.