Microsoft Purview offers comprehensive auditing solutions to empower organizations in effectively addressing security incidents, forensic investigations, internal inquiries, and compliance requirements. A unified audit log meticulously records thousands of user and admin actions across numerous Microsoft services and solutions. This log is readily searchable by security personnel, IT administrators, insider risk teams, as well as compliance and legal investigators, providing crucial visibility into organizational activities.
While you might be looking for a comparison feature on the MSI site, this article focuses on comparing the auditing capabilities within Microsoft Purview. Let’s delve into the key features of these solutions.
Comparing Microsoft Purview Audit (Standard) and Audit (Premium)
Both Audit (Standard) and Audit (Premium) offer robust auditing functionalities. The following table highlights their key differences:
| Capability | Audit (Standard) | Audit (Premium) |
|---|---|---|
| Enabled by default | ||
| Searchable Audit Events | ||
| Audit Search Tool (Purview/Compliance Portals) | ||
| Audit Search Graph API | ||
| Search-UnifiedAuditLog Cmdlet | ||
| CSV Export of Audit Records | ||
| Office 365 Management Activity API Access | ||
| 180-Day Audit Log Retention | ||
| 1-Year Audit Log Retention | ||
| 10-Year Audit Log Retention | ||
| Audit Log Retention Policies | ||
| Intelligent Insights |
Note that Audit (Premium) provides enhanced bandwidth for the Office 365 Management Activity API, facilitating faster data access. Furthermore, 10-year audit log retention requires a specific add-on license.
Deep Dive into Audit (Standard)
Audit (Standard), activated by default, allows logging and searching audited activities, supporting various investigations. It offers access to thousands of searchable events across Microsoft services, accessible through the Purview and compliance portals, Graph API, and the Search-UnifiedAuditLog cmdlet. Data can be exported to CSV files for further analysis. Audit (Standard) offers 180-day audit log retention.
Exploring Audit (Premium) Features
Building upon Audit (Standard), Audit (Premium) introduces advanced features like customizable retention policies for up to 10 years, intelligent insights for proactive threat detection, and higher bandwidth for the Office 365 Management Activity API.
Long-Term Audit Log Retention with Audit (Premium)
Audit (Premium) provides default one-year retention for Exchange, SharePoint, and Microsoft Entra audit records. This extended retention aids in comprehensive investigations and compliance. A 10-year retention option is available with an add-on license.
Leveraging Audit Log Retention Policies
Customizable retention policies in Audit (Premium) allow tailoring retention periods based on specific services, activities, or users, offering granular control over data retention. While Audit (Standard) offers a 180-day retention, Audit (Premium) allows for customized periods up to 10 years.
Licensing for Microsoft Purview Auditing
Specific subscription requirements apply to both Audit (Standard) and Audit (Premium). Consult the Microsoft documentation for detailed licensing information. Understanding these distinctions helps organizations choose the solution that best aligns with their auditing and compliance needs. While a direct comparison button might not be present on the MSI site, this comprehensive overview empowers informed decision-making.
