Investigate threats by using audit features in Microsoft Defender XDR and Microsoft Purview Standard
This module examines how to search for audited activities using the Microsoft Purview Audit (UAL) solution, including how to export, configure, and view the audit log records that were retrieved from an audit log search.
Security Operations Analyst
Microsoft 365
Microsoft Purview
Microsoft Defender for Office 365
Module Objectives
By the end of this module, you'll be able to:
- Describe the differences between Audit (Standard) and Audit (Premium).
- Start recording user and admin activity in the Unified Audit Log (UAL).
- Identify the core features of the Audit (Standard) solution.
- Set up and implement audit log searching using the Audit (Standard) solution.
- Export, configure, and view audit log records.
- Use audit log searching to troubleshoot common support issues.
Prerequisites
- Ability to navigate the Microsoft Purview or Microsoft Defender portals
- Basic knowledge of PowerShell
- Ability to run PowerShell cmdlets with Cloud Shell