HOTSPOT -
You have a Microsoft 365 tenant.
You need to retain Azure Active Directory (Azure AD) audit logs for two years. Administrators must be able to query the audit log information by using the Azure
Active Directory admin center.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Â
Suggested Answer:
Box 1: Azure Log Analytics -
To query the Azure AD logs use Azure Log Analytics.
Note: Currently, you can route the Azure AD logs to:
An Azure storage account.
An Azure event hub, so you can integrate with your Splunk and Sumologic instances.
Azure Log Analytics workspace, wherein you can analyze the data, create dashboard and alert on specific events.
Box 2: Audit logs -
The Azure portal provides you with several options to access the log. For example, on the Azure Active Directory menu, you can open the log in the Monitoring section.
Reference: alt="Reference Image" />
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/logs/get-started-queries
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-audit-logs
This question is in MS-101 Exam
For getting Microsoft 365 Administrator Expert Certificate
Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Microsoft.
The website does not contain actual questions and answers from Microsoft's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to Microsoft.
