product-example checked
Microsoft Learn: Learn about auditing solutions in Microsoft Purview
Documents unified audit logs for monitoring user and admin operations across Microsoft services, with security investigation and compliance obligations.
Pattern Decisions This Source Supports
| Pattern | Supported decision | Required contract | Claim note |
|---|---|---|---|
| Activity log | Choose activity log when the task is evidence review, investigation, compliance, security monitoring, or operational troubleshooting. | Each log row identifies one recorded event and keeps actor, action, object, timestamp, and event ID stable across filtering, sorting, expansion, export, and refresh. | Microsoft supports unified audit logs for investigation and compliance across user and admin operations. |
| Audit log | Choose audit log when the record must support governed security, compliance, forensic, or administrator-accountability review. | Each audit row represents one governed audit record and keeps audit ID, actor, action, object, effective time, result, and retention metadata stable across filters, details, export, and API retrieval. | Supports unified audit logs, security and compliance investigation, retention tiers, export, API access, SIEM import, and retention policies. |
Evidence Role
This source is treated as product-example evidence. Use it to validate the decision rules above, not as a visual style reference.
Publisher: Microsoft Learn. Last checked: .