-
Book Overview & Buying
-
Table Of Contents
Microsoft Security Operations Analyst Exam Ref SC-200 Guide - Second Edition
By :
At this stage, you are already working through investigations using alerts and platform data. This chapter focuses on Microsoft 365 activity, where investigations rely on audit records, content, and application-driven operations to reconstruct user and application actions.
In this chapter, you will learn how to investigate Microsoft 365 activities to identify threats. It aligns with the SC-200 exam objectives and addresses the following Skills Measured:
By the end of this chapter, you will be able to work through Microsoft 365 investigations using audit data, Content Search, and Microsoft Graph activity logs. Audit data helps confirm actions and reconstruct activity across workloads. Content Search helps locate and examine relevant messages and files...