    Cheat Sheet

    Investigating Microsoft 365 Compromises


    Microsoft 365 Unified Audit Logs (UAL) are a critical data source when investigating and responding to potential Microsoft 365 compromises, such as Business Email Compromise (BEC), Account Takeover (ATO), and insider threats.

    This cheat sheet gives an overview of the key Microsoft 365 activity types recorded in the UAL that security teams should investigate when responding to such threats.

    This cheat sheet covers:

    • Key Microsoft 365 activity types
    • Best practices for accessing Microsoft 365 logs
    • Useful commands when investigating and responding to incidents in an M365 environment
    • Popular open-source tools and further reading