MEAPSA

Investigate threats using audit in Microsoft Defender XDR and Microsoft Purview (Premium)

This module explores the differences between Microsoft Purview Audit (Standard) and Audit (Premium), plus the key functionality in Audit (Premium), including setup requirements, enabling audit logging, creating audit log retention policies, and performing forensics investigations.

Security Operations Analyst

Microsoft 365

Microsoft Defender

Microsoft Purview

Cloud Shell

Microsoft Exchange Online

Module Objectives

By the end of this module, you'll be able to:

Describe the differences between Audit (Standard) and Audit (Premium).
Set up and implement Microsoft Purview Audit (Premium).
Create audit log retention policies.
Perform forensic investigations of compromised user accounts.

Units

Introduction to threat investigation with Microsoft Purview Audit (Premium) min
Explore Microsoft Purview Audit (Premium) min
Implement Microsoft Purview Audit (Premium) min
Manage audit log retention policies min
Investigate compromised email accounts using Purview Audit (Premium) min
Knowledge check min
Summary min

Prerequisites

Ability to navigate the Microsoft Purview or Microsoft Defender portals
Basic knowledge of PowerShell
Ability to run PowerShell cmdlets with Cloud Shell