Your company is implementing Microsoft Purview Audit (Standard). You need to search for activities performed by a specific user in Exchange Online. Which log should you query?
The unified audit log contains all service activities.
Why this answer
Audit (Standard) records all user and admin activities in Exchange Online. The unified audit log is the correct source. Option A is incorrect because Azure AD audit logs are for identity activities.
Option C is incorrect because DLP reports are for DLP matches. Option D is incorrect because Mailbox audit logs are a subset but unified audit log is the comprehensive source.