With built-in search queries for notable security issues, it helps you focus on the things that require your attention. With an out-of-the-box security posture view and security contextual view, you get a holistic view into your IT environment.
All views let you drill down and get deep insights into your entire infrastructure using a powerful search tool that correlates data among security artifacts such as Windows security event logs, audit policy records, firewall logs, and AppLocker events.
When auditing, you can review a specific time interval to perform an audit for a selected user and/or device.
Microsoft makes updates to this solution periodically, so you can get the latest security intelligence.
When you use the Security and Audit solution, we recommend as a best practice that you configure an audit policy according to Audit Policy Recommendations. To learn how to configure your Windows environment, see Advanced Audit Policy Configuration.
To help enrich your security and audit capability, we also recommend that you enable AppLocker events. See Configure an AppLocker Policy for Audit Only for more information.
Important: Security event logs can produce a large volume of event data, which could cause you to reach your free daily data transfer limit.
Data collected: Windows security events, Windows application events, and Windows firewall logs.
This solution is part of the Security & Compliance offering, available under the free or per-node pricing tiers. For additional information, visit the OMS pricing page.