Unit 8: Logs and Monitoring

Monitoring is essential for validating security posture.

Available Logs

• Audit logs for configuration changes.
• Traffic logs showing sessions, connections, and transactions.
• Enriched Microsoft 365 logs with performance and security insights.

Logs can be exported to:

• Log Analytics.
• Storage accounts.
• Event hubs.
• SIEM tools.

Retention varies by log type and license.

Final Retention Summary

Microsoft Entra Global Secure Access replaces traditional VPNs and proxies with an identity-aware, Zero Trust network perimeter.

Key exam takeaways:

• Global Secure Access = Internet Access + Private Access.
• Built on Security Service Edge (SSE).
• Uses Conditional Access and CAE.
• Eliminates VPN dependency.
• Enforces compliant network checks.
• Protects both public and private resources.
• Requires proper logging and monitoring.