Investigate threats using audit in Microsoft Defender XDR and Microsoft Purview (Premium)
This module explores the differences between Microsoft Purview Audit (Standard) and Audit (Premium), and the key functionality in Audit (Premium), including setup requirements, enabling audit logging, creating audit log retention policies, and performing forensic investigations.
Learning objectives
By the end of this module, you'll be able to:
- Describe the differences between Audit (Standard) and Audit (Premium).
- Set up and implement Microsoft Purview Audit (Premium).
- Create audit log retention policies.
- Perform forensic investigations of compromised user accounts.
Prerequisites
- Ability to navigate the Microsoft Purview or Microsoft Defender portals
- Basic knowledge of PowerShell
- Ability to run PowerShell cmdlets with Cloud Shell