Investigate threats by using audit features in Microsoft Defender XDR and Microsoft Purview Standard
This module examines how to search for audited activities using the Microsoft Purview Audit (UAL) solution, including how to export, configure, and view the audit log records that were retrieved from an audit log search.
Learning objectives
By the end of this module, you'll be able to:
- Describe the differences between Audit (Standard) and Audit (Premium).
- Start recording user and admin activity in the Unified Audit Log (UAL).
- Identify the core features of the Audit (Standard) solution.
- Set up and implement audit log searching using the Audit (Standard) solution.
- Export, configure, and view audit log records.
- Use audit log searching to troubleshoot common support issues.
Prerequisites
- Ability to navigate the Microsoft Purview or Microsoft Defender portals
- Basic knowledge of PowerShell
- Ability to run PowerShell cmdlets with Cloud Shell