Microsoft Intune service must be configured to transfer Intune logs to another server for storage, analysis, and reporting at least every seven days.
An XCCDF Rule
Description
Note: UEM server logs include logs of UEM events and logs transferred to Microsoft Intune service by UEM agents of managed devices.

Protection of log data includes ensuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on an organizationally defined frequency helps ensure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records.

This requirement only applies to applications that have a native backup capability for audit records. Operating system backup requirements cover applications that do not provide native backup functions.

Satisfies: FAU_STG_EXT.1.1, FMT_SMF.1.1(2) Refinement b, FMT_SMF.1.1(2) c.8

Satisfies: SRG-APP-000125-UEM-000074, SRG-APP-000275-UEM-000157, SRG-APP-000358-UEM-000228
- ID: SV-267334r1025801_rule
- Severity: Medium
Remediation - Manual Procedure
Configure the Microsoft Intune server to transfer Microsoft Intune server logs to another server for storage, analysis, and reporting at least every seven days.
Intune audit logs can be sent to many locations, including Azure Monitor services or a third-party audit management server. If sending Intune audit logs to Azure Monitor, follow the setup instructions listed here: https://docs.microsoft.com/en-us/mem/intune/fundamentals/review-logs-using-azure-monitor.
To manually offload audit logs to an audit log management server, follow these instructions: