Introduction to Microsoft 365 audit logging and monitoring


In cloud environments, customers and cloud service providers share the responsibility for achieving a compliant and secure computing environment. Microsoft uses a shared responsibility model to define security and operational accountability in Microsoft 365 services. While Microsoft 365 secures the underlying cloud infrastructure and services, customers need to be aware of their responsibilities for ensuring a secure tenant environment for their users and data. In the context of audit logging and monitoring, customers are responsible for monitoring their own tenants and users according to the customer's organizational and regulatory requirements.

Microsoft 365 Services are built with extensive logging capabilities to enable customers to meet their organizational requirements. These same capabilities form the foundation of our internal audit logging and monitoring. Microsoft 365 uses centralized log collection and continuous security monitoring to detect and respond to security threats, provide auditable records of actions taken by Microsoft personnel, and meet our business and compliance requirements.

Our audit logging and monitoring strategy revolves around clearly defined logging requirements set by the Microsoft 365 Security team. The log data we collect supports effective security monitoring, rapid incident response, and service availability. Centralized log collection in protected repositories ensures log entries cannot be altered and are retained according to operational and regulatory requirements. To enable rapid detection and response to security threats, our security monitoring systems analyze log data in near real time, alert appropriate personnel, and in many cases respond with automated countermeasures. In addition to security monitoring, service teams use centralized logging to support service health and provide optimal service availability for our customers.

Learn more