Investigate threats using audit in Microsoft Defender XDR and Microsoft Purview (Premium)

Intermediate
Security Operations Analyst
Microsoft Purview
Microsoft Defender
Microsoft 365
Microsoft Exchange Online
Azure Cloud Shell

This module explores the differences between Microsoft Purview Audit (Standard) and Audit (Premium), plus the key functionality in Audit (Premium), including setup requirements, enabling audit logging, creating audit log retention policies, and performing forensic investigations.

Learning objectives

By the end of this module, you'll be able to:

  • Describe the differences between Audit (Standard) and Audit (Premium).
  • Set up and implement Microsoft Purview Audit (Premium).
  • Create audit log retention policies.
  • Perform forensic investigations of compromised user accounts.

Prerequisites

  • Ability to navigate the Microsoft Purview or Microsoft Defender portals
  • Basic knowledge of PowerShell
  • Ability to run PowerShell cmdlets with Cloud Shell