1000 XP
Investigate threats using audit in Microsoft Defender XDR and Microsoft Purview (Premium)
This module explores the differences between Microsoft Purview Audit (Standard) and Audit (Premium), plus the key functionality in Audit (Premium), including setup requirements, enabling audit logging, creating audit log retention policies, and performing forensics investigations.
Learning objectives
By the end of this module, you'll be able to:
- Describe the differences between Audit (Standard) and Audit (Premium).
- Set up and implement Microsoft Purview Audit (Premium).
- Create audit log retention policies.
- Perform forensic investigations of compromised user accounts.
Start
Add
Prerequisites
- Ability to navigate the Microsoft Purview or Microsoft Defender portals
- Basic knowledge of PowerShell
- Ability to run PowerShell cmdlets with Cloud Shell
Module assessment
Assess your understanding of this module. Sign in and answer all questions correctly to earn a pass designation on your profile.
Take the module assessment