In Response to Hacks, Purview Audit Extends Capabilities

• Microsoft 365 Purview Audit logs enable administrators to track activities in Microsoft 365 and other cloud services for investigations and compliance.
• In response to recent attacks, the number and types of events captured in the Audit Standard service tier have been expanded.
• Additionally, a longer default retention period in Audit Standard enables deeper and more comprehensive forensic investigations.

Microsoft 365 Purview Audit, a feature of Microsoft 365 tenancies, provides a centralized collection point for recording events for dozens of Microsoft workloads. Audit is available in two tiers of service, Audit Standard and Audit Premium. Audit Standard, which is packaged with Microsoft 365 E3 plan, is slated for improvements to respond to recent attacks on government sites.

Microsoft 365 Audit Review

With Microsoft 365 Purview Audit, administrators can view and analyze events in the Unified Audit Log, introduced in 2016. The Unified Audit Log records events and associated metadata (such as who performed the action, what files or other resources were affected, the time and date, and so on) from all Microsoft 365 workloads except Sway, as well as Power Apps, Power BI, Dynamics 365, Azure Active Directory, and Defender (including Endpoint). Several hundred such event types are captured in the log.