Microsoft Purview
DLP · eDiscovery · Insider Risk · Audit — full suite presales
Sensitive info types
Built-in DLP classifiers
Real-world scenarios
Interactive walkthroughs
Audit log retention
Audit Premium (vs 90 days std)
Avg attacker dwell time
Why long retention matters
Forensic-grade audit logs with 1-year retention — so you can answer "when did this start?" after a breach.
Microsoft Purview Audit provides a tamper-evident audit log of user and admin activity across Microsoft 365. Audit Premium extends retention to 1 year, adds high-value forensic events like MailItemsAccessed, and provides a high-bandwidth API for SIEM integration.
CEO email compromised — what did the attacker read?
CISO and outside counsel at a 600-person professional services firm
The CEO's Microsoft 365 account was compromised via AiTM phishing. The account was active for an unknown period. Legal needs to know exactly which emails the attacker accessed to determine breach notification obligations.
5 steps · click through the scenario
Admin secretly modifies mail transport rules
IT Director at a 280-person law firm
A routine security review discovers an unfamiliar Exchange mail transport rule that appears to be silently forwarding a sample of email to an unknown external address. When was this created and by whom?
5 steps · click through the scenario
HIPAA audit — proving who accessed patient records
Privacy Officer at a 90-provider healthcare group
A patient files a HIPAA complaint alleging that a staff member accessed their medical records without a treatment relationship. The OCR opens an investigation and requests access logs for the past 12 months.
5 steps · click through the scenario