View all tenants with Audit Log Search Enabled/Disabled
Audit Logging is disabled by default in the Security Admin center. This creates an issue whereby if a security issue occurs and if this wasn't enabled when the tenant was set up, you find out after the threat occurred that you don't have logs to investigate. It would be ideal if this was enabled by default on M365 tenants, but without this change, it'd be nice to have a view that states the tenants that don't have logging enabled, and an option in that central view to enable logging on the individual tenant.
We appreciate you taking the time to submit this request. We have heard similar feedback from other audiences with regards to audit logging is not enabled by default in the Security Admin Center. We have passed this feedback to the Audit Logging team to prioritize. With regard to central view of audit logging states, we are currently investigating this feature for future release of the service.