Investigate and Respond to Microsoft Purview Data Loss Prevention Alerts.
In this module you learn to:
- Investigate DLP alerts in Microsoft Purview and Microsoft Defender XDR
- Review alert details, related user activities, and matched events
- Apply remediation actions and update alert or incident statuses
- Assign ownership, document decisions, and support accountability
- Recognize when DLP policies might need adjustments based on investigation outcomes
Investigate Insider Risk Alerts and Related Activity.
After completing this module, you'll be able to:
- Understand how alerts are generated and prioritized in Insider Risk Management.
- Tune policies and thresholds to manage alert volume effectively.
- Use the Alerts dashboard and alert details to triage and respond to risky activity.
- Investigate behavior using tabs like All risk factors, Activity explorer, and User activity.
- Integrate with Microsoft Defender XDR for broader threat investigation.
- Create, manage, and resolve Insider Risk Management cases.
Search and investigate with Microsoft Purview Audit.
After completing this module, you'll be able to:
- Identify the differences between Microsoft Purview Audit (Standard) and Audit (Premium).
- Configure Microsoft Purview Audit for optimal log management.
- Perform audits to assess compliance and security measures.
- Analyze irregular access patterns using advanced tools in Purview Audit (Premium) and PowerShell.
- Ensure regulatory compliance through strategic data management.
Use Microsoft Purview eDiscovery to search for content across Microsoft 365. This module covers how to configure cases, define search criteria, and locate messages, files, and other organizational data.
In this module you learn how to:
- Assign the roles and permissions to access Microsoft Purview eDiscovery
- Create and manage cases used to run eDiscovery searches
- Define search scope and build queries using conditions, keywords, and Copilot-generated prompts
- Run searches and validate results using statistics or random samples

Syllabus

Investigate and respond to Microsoft Purview Data Loss Prevention alerts
- Introduction
- Understand data loss prevention (DLP) alerts
- Understand the DLP alert lifecycle
- Configure DLP policies to generate alerts
- Investigate DLP alerts in Microsoft Purview
- Investigate DLP alerts in Microsoft Defender XDR
- Investigate DLP alerts with Security Copilot and AI agents
- Respond to DLP alerts
- Exercise - Investigate a DLP alert and related incident
- Module assessment
- Summary
Investigate insider risk alerts and related activity
- Introduction
- Understand insider risk alerts and investigations
- Manage alert volume in insider risk management
- Investigate and triage insider risk alerts in Microsoft Purview
- Investigate insider risk alerts with Security Copilot and AI agents
- Analyze alert context with the All risk factors tab
- Investigate activity details with the Activity explorer tab
- Review patterns over time with the User activity tab
- Investigate insider risk alerts in Microsoft Defender XDR
- Manage and take action on insider risk cases
- Exercise - Investigate potential data theft using Insider Risk Management
- Module assessment
- Summary
Search and investigate with Microsoft Purview Audit
- Introduction
- Microsoft Purview Audit overview
- Configure and manage Microsoft Purview Audit
- Conduct searches with Audit (Standard)
- Audit Microsoft Copilot for Microsoft 365 interactions
- Investigate activities with Audit (Premium)
- Export audit log data
- Configure audit retention with Audit (Premium)
- Module assessment
- Summary
Search for content with Microsoft Purview eDiscovery
- Introduction
- Understand eDiscovery and content search capabilities
- Prerequisites for using eDiscovery in Microsoft Purview
- Create an eDiscovery search
- Conduct an eDiscovery search
- Export eDiscovery search results
- Module assessment
- Summary and resources