Investigate threats using audit in Microsoft Defender XDR and Microsoft Purview (Premium)

Module
7 Units

Intermediate

Security Operations Analyst

Microsoft Purview

Microsoft Defender

Microsoft 365

Microsoft Exchange Online

Azure Cloud Shell

This module explores the differences between Microsoft Purview Audit (Standard) and Audit (Premium), plus the key functionality in Audit (Premium), including setup requirements, enabling audit logging, creating audit log retention policies, and performing forensics investigations.

Learning objectives

By the end of this module, you'll be able to:

Describe the differences between Audit (Standard) and Audit (Premium).
Set up and implement Microsoft Purview Audit (Premium).
Create audit log retention policies.
Perform forensic investigations of compromised user accounts.

Prerequisites

Ability to navigate the Microsoft Purview or Microsoft Defender portals
Basic knowledge of PowerShell
Ability to run PowerShell cmdlets with Cloud Shell

Introduction to threat investigation with Microsoft Purview Audit (Premium) min
Explore Microsoft Purview Audit (Premium) min
Implement Microsoft Purview Audit (Premium) min
Manage audit log retention policies min
Investigate compromised email accounts using Purview Audit (Premium) min
Knowledge check min
Summary min