Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Microsoft Intune Service Desktop Security Technical Implementation Guide
SRG-APP-000125-UEM-000074
SRG-APP-000125-UEM-000074
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-APP-000125-UEM-000074
1 Rule
<GroupDescription></GroupDescription>
Microsoft Intune service must be configured to transfer Intune logs to another server for storage, analysis, and reporting at least every seven days.
Medium Severity
<VulnDiscussion>Note: UEM server logs include logs of UEM events and logs transferred to Microsoft Intune service by UEM agents of managed devices. Protection of log data includes ensuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on an organizationally defined frequency helps ensure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records. This requirement only applies to applications that have a native backup capability for audit records. Operating system backup requirements cover applications that do not provide native backup functions. Satisfies: FAU_STG_EXT.1.1, FMT_SMF.1.1(2) Refinement b, FMT_SMF.1.1(2) c.8 Satisfies: SRG-APP-000125-UEM-000074, SRG-APP-000275-UEM-000157, SRG-APP-000358-UEM-000228</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>