Purview Audit Search Action

This guide shows an administrator how to use the simplest search criteria fields to complete an Audit search within the Purview portal.

Role Requirements

Procedure Scope: Administrators

Required Group Membership: Admin.Security

Handbook Reference

Package: TBD

Domain: TBD

Modifies: TBD

Purview Audit Report Search Action

  1. Navigate to the Search – Purview portal. Here you can access critical audit log event data to gain insight into, and further investigate, user activities that have been detected throughout the Microsoft landscape. Once the desired criteria have been specified, select Search to start your search job. The fields listed below are the general guideline for the information needed to get started with this security functionality:
    1. Date and time range (UTC): By default, the last seven days are selected. You can choose a specific date and time range to view events that occurred during that period. Note that the maximum allowable range is 180 days; selecting a range longer than this will result in an error.
    2. Activities - friendly names: Use the drop-down list to view the friendly names of audited activities available for search. These names are grouped by related user and admin activities. You can select individual activities by their friendly names or choose a group name to select all activities within that group. To quickly find a specific activity in the list, use the search box located above the list.
    3. Search name: Provide a custom name for your search job to easily identify it in the search job history. If you don’t specify a name, the system will automatically generate one based on the search's date, time, and other defined criteria.
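
The same three criteria can also be scripted. The sketch below is an added example, not part of the original procedure: it uses the Exchange Online `Search-UnifiedAuditLog` cmdlet, enforces the 180-day range limit described above before submitting, and falls back to a generated name when none is given. It assumes the ExchangeOnlineManagement module is installed and the signed-in account may search the audit log; the operation names, the naming scheme and the CSV output are constructed for illustration.

```powershell
# Added example: scripted audit search using the criteria from this guide.
param(
    # Date and time range (UTC). Default mirrors the portal: the last seven days.
    [datetime]$StartUtc = (Get-Date).ToUniversalTime().AddDays(-7),
    [datetime]$EndUtc   = (Get-Date).ToUniversalTime(),
    # Activities. The cmdlet takes operation names, not the portal's friendly names.
    # These two are sample SharePoint/OneDrive file operations.
    [string[]]$Operations = @('FileDownloaded', 'FileAccessed'),
    # Search name. Use a fresh name for every run, since it doubles as the paging session ID.
    [string]$SearchName
)

$MaxRangeDays = 180   # maximum range stated in this guide

if ($EndUtc -le $StartUtc) { throw 'The end of the range must be later than the start.' }
if (($EndUtc - $StartUtc).TotalDays -gt $MaxRangeDays) {
    throw "Range exceeds $MaxRangeDays days. Narrow the date range and retry."
}

# Constructed naming scheme (an assumption, not the portal's format): UTC timestamp plus operations.
if (-not $SearchName) {
    $SearchName = 'Audit_{0:yyyyMMddTHHmmssZ}_{1}' -f (Get-Date).ToUniversalTime(), ($Operations -join '-')
}

Connect-ExchangeOnline -ShowBanner:$false

# Page through the results; each call with the same SessionId returns the next batch.
$results = @()
do {
    $page = Search-UnifiedAuditLog -StartDate $StartUtc -EndDate $EndUtc `
        -Operations $Operations -SessionId $SearchName `
        -SessionCommand ReturnLargeSet -ResultSize 5000
    if ($page) { $results += $page }
} while ($page)

# ReturnLargeSet returns unsorted records, so order them by time before saving.
$results |
    Select-Object CreationDate, UserIds, Operations, RecordType, AuditData |
    Sort-Object CreationDate |
    Export-Csv -Path "$SearchName.csv" -NoTypeInformation -Encoding UTF8

'{0} records written to {1}.csv' -f $results.Count, $SearchName
```

Date values passed without a time zone are treated as UTC by the cmdlet, which matches the UTC range used in the portal.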

Need Assistance?

Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.