Threat Investigation with Defender XDR and Purview Audit

In an era of sophisticated digital threats, tracking user and admin activities is crucial for maintaining a strong security posture. Understanding how to leverage advanced auditing tools allows security analysts to reconstruct events and identify malicious behavior. This text-based course guides you from foundational auditing concepts to conducting practical forensics investigations. You will learn to configure system logs, manage data retention, and trace security incidents with confidence. What you'll learn: • Understand the core differences between Standard and Premium auditing capabilities • Configure system audit logging to capture critical security events • Establish long-term audit log retention policies for compliance and investigation • Conduct systematic forensics investigations using search queries and log analysis • Apply zero-trust principles to monitor user and administrative actions • Analyze security alerts to reconstruct timelines of unauthorized access. Starting with fundamental terminology and setup requirements, the course guides you step-by-step through configuring policies and executing search queries to investigate potential breaches. This course is designed for beginners in cybersecurity, IT administration, or compliance, with no prior auditing experience required. Start reading today to master threat hunting and auditing in your organization.