Microsoft Purview Best Practices
Microsoft Purview is a solution that helps organizations manage data and compliance. It also uses AI to classify data, monitor compliance, and identify risks. Key features include data discovery, classification, governence, retention, compliance management, encryption, and access controls. Purview ensures data security, prevents insider threats, and helps implement data loss prevention policies to meet compliance requirements. Hello everyone - This is just a short introduction, I am Dogan Colak. I have been working as an M365 Consultant for about 5 years, holding certifications such as MCT, SC-100, SC-200, SC-300, and MS-102, with a focus on Security & Compliance. This year, I am excited to share what I have learned with the Microsoft Technology Community. In the coming days, I will be publishing videos and articles based on the training agenda I have created. I will also share these articles on LinkedIn, so feel free to follow me there. I am always open to feedback and suggestions. See you soon!
Size of the Microsoft Purview Audit Log for sizing SIEM / Splunk Storage
Hi there, we plan to export our M365 Audit Logs into a Splunk solution. The license cost is based on the storage needed. my questions: - is there a way to assess the storage used by our Audit logs in Microsoft Purview? - is there a way to calculate the storage needed for a number of users in a give time, e.g. per day/ week for heavy, medium, low M365 usage, I only need rough numbers? - does anybody have experience or numbers of their export to a SIEM system? Any support highly appreciated. Thanks, FranckAudit logs for a change made in SP Admin Center didn't show a change from modern auth to legacy auth
I was performing an audit in Microsoft Purview, https://compliance.microsoft.com/auditlogsearch?viewid=Async%20Search I did a New Search (preview) and I selected a person to "monitor" who was granted access to heightened security. I was monitoring to see what they might be doing and or if they were making changes. I did the audit on the account and for the date as "current" as possible. I ran the search, and it didn't show me that they changed from modern authentication to legacy authentication. I noticed it when they told me. The area is here: https://xxxxxxxxx-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/accessControl/LegacyAuthentication Is there a way to have the auditing check the admin centers for admin's performing work and changing things? Thank you. Matt
