    Cheat Sheet

    Investigating Microsoft 365 Compromises

    The Microsoft 365 Unified Audit Log (UAL) is a critical data source when investigating and responding to potential Microsoft 365 compromises, such as Business Email Compromise (BEC), Account Takeover (ATO), and insider threats.

    This cheat sheet provides an overview of the key Microsoft 365 activity types recorded in the UAL that security teams should investigate when responding to such threats.

    What's Covered:

    • Key Microsoft 365 activity types 
    • Best practices for accessing Microsoft 365 logs 
    • Useful commands when investigating and responding to incidents in an M365 environment
    • Popular open-source tools & further reading