SC-401 Lab 11 – Configure Audit Settings

Enable and customize audit settings to track user and admin activity across Microsoft 365 for security and compliance.

Tools Used

Steps Taken

  1. Signed into Microsoft Purview portal as MOD Administrator.
  2. Navigated to Audit → Audit Search.
  3. Enabled auditing and verified service activation.
  4. Configured audit log retention and searched for recent user activity.
  5. Filtered results by activity type, user, and workload.
  6. Exported audit logs for external review and compliance documentation.
  7. Reviewed audit insights and alert policies in Compliance Center.

Outcome

Audit settings successfully configured and validated. Microsoft 365 now tracks user and admin activity across services, supporting forensic investigation and regulatory compliance.

Certification Alignment

SC-401 Domain 2.2 – Implement Audit and Investigation Capabilities

Sandbox Link

Lab 11 – Configure Audit Settings