Microsoft Purview Audit

Power your forensic and compliance investigations.

A man working on a desk with a sheet of paper and a pen.

Power your forensic and compliance investigations

Support forensic investigations

Determine the scope of compromise, and access audit logs to support investigations.

Preserve audit logs to meet regulatory requirements

Retain audit records for one year with the option to retain for up to 10 years.

Gain high-bandwidth access to data

Get a dynamic bandwidth quota to access your auditing data.

Key features of Microsoft Purview Audit (Premium)

Screen review of customized retention dashboard.

Customized retention policies

Create customized audit log retention policies to retain audit records based on the service where the audited activities occur, specific audited activities, or the user who performs an audited activity.

Screenshot of retention policy options dashboards.

Longer retention of audit records

Audit log records for Exchange, SharePoint, and Azure Active Directory are retained for one year by default, and 90 days for all other activities. Up to 10-year audit log retention available with an add on license.

Screenshot of a crucial events report example.

High-value, crucial events

Support investigations by providing visibility to events such as when mail items were accessed, replied to and forwarded, or when and what a user searched for in Exchange Online and SharePoint Online.

A diagram of the management activity A P I.

Higher bandwidth to the Office 365 Management Activity API

Organizations are initially allocated a baseline of 2,000 requests per minute, where this limit will dynamically increase depending on an organization's seat count and their licensing subscription, resulting in about twice the bandwidth as organizations with Audit (Standard).

Screen review of customized retention dashboard.

Customized retention policies

Create customized audit log retention policies to retain audit records based on the service where the audited activities occur, specific audited activities, or the user who performs an audited activity.

Screenshot of retention policy options dashboards.

Longer retention of audit records

Audit log records for Exchange, SharePoint, and Azure Active Directory are retained for one year by default, and 90 days for all other activities. Up to 10-year audit log retention available with an add on license.

Screenshot of a crucial events report example.

High-value, crucial events

Support investigations by providing visibility to events such as when mail items were accessed, replied to and forwarded, or when and what a user searched for in Exchange Online and SharePoint Online.

A diagram of the management activity A P I.

Higher bandwidth to the Office 365 Management Activity API

Organizations are initially allocated a baseline of 2,000 requests per minute, where this limit will dynamically increase depending on an organization's seat count and their licensing subscription, resulting in about twice the bandwidth as organizations with Audit (Standard).

How Audit powers your investigations

Audit provides crucial event data that can help you investigate possible breaches and determine the scope of compromise.

Microsoft 365 E5 Compliance

new price $12.00 user/month

(annual subscription–auto renews)

Microsoft Purview Audit is a part of Microsoft 365 E5 Compliance Suite
 

Microsoft offers comprehensive compliance and data governance solutions to help your organization manage risks, protect and govern sensitive data, and respond to regulatory requirements.
 

* Customers currently licensed for Enterprise Mobility + Security E3, Office E3, or Microsoft 365 E3 are eligible to purchase or try the Microsoft 365 E5 Compliance suite. Microsoft 365 E5 Compliance capabilities and features are included in the Microsoft 365 E5 license.

Additional resources

Get more information about Microsoft Purview Audit—formerly Advanced Audit in Microsoft 365.

Protect everything

Make your future more secure. Explore your security options today.

Figure: User-focused events for investigations.

Audit provides crucial event data that can help you investigate possible breaches and determine the scope of compromise. This diagram illustrates the five user-focused events for investigations which include: user events, email events, Microsoft Teams events, files, and searches.