Summary and resources


Microsoft Purview provides two auditing solutions: Audit (Standard) and Audit (Premium). This module explored Microsoft Purview Audit (Standard). The next module focuses on Microsoft Purview Audit (Premium).

Thousands of user and admin operations performed in dozens of Microsoft 365 services and solutions are captured, recorded, and retained in an organization's unified audit log. Audit records for these events are searchable by security ops, IT admins, insider risk teams, and compliance and legal investigators in an organization. This capability provides visibility into the activities performed across a Microsoft 365 organization.

This module examined how to search for audited activities using the Audit (Standard) solution. You began by learning how to set up Audit (Standard). This workflow included verifying your subscription and assigning the necessary permissions.

With Audit (Standard) now configured, you learned how to search for audited activities using the audit search tool in the Microsoft Purview compliance portal. You also learned how to search for audited activities using the Search-UnifiedAuditLog cmdlet in Exchange Online PowerShell. This cmdlet is the underlying cmdlet for the search tool.

The module then examined how to view the search results. You also learned how to export the search results to a CSV file that can be searched, sorted, and filtered using Microsoft Excel. You then examined how to export, configure, and view the audit log records that were retrieved as a result of an audit log search. This process included formatting the exported audit log using the Power Query Editor in Excel.
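The search and export steps summarized above can also be run end to end from Exchange Online PowerShell. The script below is an added example, not code from the module: it pages through Search-UnifiedAuditLog results and expands the JSON in each record's AuditData property into CSV columns, which is the same step the module performs with the Power Query Editor. It assumes an existing Connect-ExchangeOnline session; the date window, operation names, and output path are sample values chosen for illustration.

```powershell
# Added example. Assumes an active Exchange Online PowerShell session
# (Connect-ExchangeOnline) and an account permitted to search the audit log.
$start     = (Get-Date).AddDays(-7)               # sample window (assumption)
$end       = Get-Date
$ops       = 'New-InboxRule', 'Set-InboxRule'     # sample operations (assumption)
$outFile   = '.\ual-export.csv'                   # hypothetical output path
$sessionId = "ual-$([guid]::NewGuid())"           # ties the paged calls together
$records   = [System.Collections.Generic.List[object]]::new()

do {
    # Reusing one SessionId with ReturnLargeSet fetches the next page on each
    # call: up to 5,000 records per call, unsorted, 50,000 per session at most.
    $page = @(Search-UnifiedAuditLog -StartDate $start -EndDate $end `
            -Operations $ops -ResultSize 5000 `
            -SessionId $sessionId -SessionCommand ReturnLargeSet)
    foreach ($r in $page) { $records.Add($r) }
} while ($page.Count -gt 0)

if ($records.Count -ge 50000) {
    Write-Warning 'Session limit reached; narrow the date range and rerun.'
}

# AuditData is a JSON string. Expand the fields most investigations need so
# the CSV can be sorted and filtered without further parsing.
$flat = foreach ($r in $records) {
    $d = $r.AuditData | ConvertFrom-Json
    [pscustomobject]@{
        CreationTime = $r.CreationDate
        UserId       = $r.UserIds
        Operation    = $r.Operations
        RecordType   = $r.RecordType
        Workload     = $d.Workload
        ClientIP     = $d.ClientIP
        ResultStatus = $d.ResultStatus
        ObjectId     = $d.ObjectId
        RecordId     = $d.Id
    }
}

# Drop duplicate records by Id, then restore chronological order for review.
$flat | Sort-Object RecordId -Unique | Sort-Object CreationTime |
    Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8
```

Fields that a given record type does not populate come through as empty cells, so the same script works across workloads.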

The module concluded by examining how to use audit log searching to investigate common support issues reported to Microsoft Support. The module provided suggestions on how to troubleshoot these scenarios by using the audit log search tool in the Microsoft Purview compliance portal. Each scenario explained how to configure an audit log search query for the corresponding issue. It also described what to look for in the detailed information in the audit records that matched the search criteria.

Resources

Microsoft Security Experts Blog: Good UAL Hunting