Next you need to create your forensic proof policies. In the Purview Portal, go to “Police Policies” and choose to “create a forensic evidence policy.” Specify what jobs you can hold, such as printing, Exfiltration file, certain apps or websites, or all selected users’ apps. “All activities” is not a regular place and is used for a set time during an investigation. You can also use the hunting features and hunting of the Microsoft 365 Defender Afeender for additional forensic analysis.
Susan Bradley / CSO
Drawings and restrictions
No matter these settings, there are times when you are in the seller’s tape. Forensic tests of cloud assets can be complex. Tracking your Log files to update what the most common abuse verification takes review of these log files. In addition you do not get memory drop or control as if you are doing in the endpoint. You often open the support ticket with your seller to ask for the log files, thereby delayed your investigation and answering.
There is a budget limits to know. For example, you may need to buy additional storage to keep the best evidence you wish to take.
Source link