Description
- Type: OPERATIONAL & CUSTOMER
- Severity: ERROR
- Protection against: HACKING
- CIS: M365 5.2 - (L1) Ensure mailbox auditing for all users is Enabled
- FIX Available: YES
This Operational & Customer Check verifies for each mailbox in the tenant if all relevant settings for audit logging are enabled.
Why this check?
Mailbox auditing allows monitoring of login attempts on mailboxes and actions within those mailboxes. Enabling audit logging thus provides the ability to search through mailbox activity. This allows for immediate detection of hacking attempts or to gain insight into malicious behavior in the context of an incident.
Per mailbox, the AuditDelegate, AuditAdmin, and AuditOwner settings are checked.
CIS Benchmarks
This measure aligns with the following item from the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark:
- CIS M365 5.2 - (L1) Ensure mailbox auditing for all users is Enabled
What are the possible outcomes of the check?
This check has two possible outcomes. In Attic, this is reflected as follows:
- Okay: All audit settings in all mailboxes are correctly configured
- Error: In one or more mailboxes, not all settings are correctly configured.
How should this be followed up?
If the output is Error , we advise enabling the missing audit log settings in the specific mailboxes.
A Fix is available for this check, which we will offer via Attic.
Comments
0 comments
Please sign in to leave a comment.