Microsoft Android 11 must be configured to enable audit logging.
An XCCDF Rule
Description
<VulnDiscussion>Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. To be useful, Administrators must have the ability to view the audit logs. SFR ID: FMT_SMF_EXT.1.1 #32</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-255187r870789_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure the Microsoft Android 11 device to enable audit logging.
On the EMM console:
1. Open "Device owner management" section.
2. Toggle "Enable security logging" to "On".