Microsoft Purview Audit (Standard) logging SHALL be enabled.

Why This Matters

Without Microsoft Purview Audit (Standard) logging enabled, your organization loses visibility into critical user and admin activities across Exchange Online and Microsoft 365 services. This blind spot can allow malicious actions or policy violations to go undetected, making incident response and forensic investigations significantly harder. Enabling audit logging ensures you have a tamper-evident record for compliance and security monitoring.

What Aether365 Checks

Aether365 verifies that Microsoft Purview Audit (Standard) logging is enabled for your Exchange Online and Microsoft 365 environment. This check will appear in your Aether365 dashboard under microsoft-365 checks as CISA.MS.EXO.17.1.

How to Fix

To enable Microsoft Purview Audit (Standard) logging in your tenant, do the following: