SC-200 - Respond to Security Incidents - Section 2.7
Investigate Microsoft 365 activities to identify threats using Microsoft Purview Audit, Content Search, and Microsoft Graph activity logs.
Search Microsoft 365 user and admin activity using Audit from Microsoft Purview and Content Search to surface relevant evidence during an investigation. Supplement these sources with Microsoft Graph activity logs, and understand how audit log retention policies affect how far back records are available.
Audit from Microsoft Purview; Content Search in Microsoft Purview; Microsoft Graph activity logs; audit log retention
Examworthy is not affiliated with or endorsed by Microsoft. Original, blueprint-aligned practice material only.