Skip to main content

Monitoring: Leverage and monitor Traffic Logging

Implementation Effort: Low

User Impact: Low

Overview

In a Zero Trust security model, the principle of “never trust, always verify” applies not just to users and devices, but also to network traffic. Monitoring and logging network activity is critical for enforcing Zero Trust because it provides continuous visibility into how resources are accessed, ensures compliance with security policies, and enables rapid detection of suspicious or unauthorized behavior.

By leveraging Microsoft Entra Global Secure Access logs, organizations can track access attempts, monitor data flows, and identify anomalies in real-time. This granular monitoring helps validate that only authorized identities and devices are accessing sensitive resources, supports incident response, and provides vital evidence for audits and investigations. Comprehensive traffic logging is therefore a foundational element in maintaining and proving the effectiveness of a Zero Trust architecture. Besides the traffic logs, additional logs are avialable for additional signals:

  • Audit Logs: Track changes to Global Secure Access, such as filtering policy, forwarding profiles, and remote network management.
  • Traffic Logs: Record details about network traffic passing through Global Secure Access.
  • Client Logs: Capture activity and diagnostics from the Global Secure Access client for troubleshooting.
  • Enriched Office 365 Audit Logs: Provide detailed auditing of Office 365 activity when accessed via Global Secure Access.

These logs collectively give you comprehensive visibility and traceability to support operational monitoring, security investigations, and compliance in a Zero Trust environment.

Reference