Removed redundant H2 headings in includes

Author: Ken Lawson

learn-pr/wwl-sci/investigate-threats-using-audit-in-microsoft-365-defender-microsoft-purview-premium/1-introduction.yml

@@ -1,9 +1,9 @@
 ### YamlMime:ModuleUnit
 uid: learn.wwl.investigate-threats-using-audit-in-microsoft-365-defender-microsoft-purview-premium.introduction
-title: Introduction
+title: Introduction to threat investigation with Microsoft Purview Audit (Premium)
 metadata:
-  title: Introduction
-  description: "Introduction."
+  title: Introduction to threat investigation with Microsoft Purview Audit (Premium)
+  description: "Introduction to threat investigation with Microsoft Purview Audit (Premium)."
   ms.date: 3/22/2023
   author: wwlpublish
   ms.author: kelawson

learn-pr/wwl-sci/investigate-threats-using-audit-in-microsoft-365-defender-microsoft-purview-premium/includes/1-introduction.md

@@ -1,4 +1,3 @@
-## Introduction to threat investigation with Microsoft Purview Audit (Premium)
 
 You're a Security Operations Analyst working at a company that is implementing Microsoft Purview and Microsoft 365 Defender solutions.  You have already implemented Microsoft Purview Audit (Standard) and used it to search the Unified Audit Log (UAL). Now you need to understand how to setup and implement Microsoft Purview Audit (Premium). Your manager has asked you to create audit log retention policies and to conduct forensic investigations.
 

learn-pr/wwl-sci/investigate-threats-using-audit-in-microsoft-365-defender-microsoft-purview-premium/includes/2-explore-microsoft-purview-audit-premium.md

@@ -1,4 +1,3 @@
-## Explore Microsoft Purview Audit (Premium)
 
 In the Microsoft Purview Audit (Standard) module, you learned that the Unified Audit Log (UAL) provides organizations with the ability to log and search for audited activities. It also enables an organization to power its forensic, IT, compliance, and legal investigations.
 

learn-pr/wwl-sci/investigate-threats-using-audit-in-microsoft-365-defender-microsoft-purview-premium/includes/3-implement-microsoft-purview-audit-premium.md

@@ -1,4 +1,3 @@
-## Implement Microsoft Purview Audit (Premium)
 
 If an organization has a subscription and end-user licensing that supports Audit (Premium), it should perform the following steps to set up and use the Audit (Premium) capabilities.
 

learn-pr/wwl-sci/investigate-threats-using-audit-in-microsoft-365-defender-microsoft-purview-premium/includes/4-manage-audit-log-retention-policies.md

@@ -1,4 +1,3 @@
-## Manage audit log retention policies
 
 Organizations can create and manage audit log retention policies in the Microsoft Purview compliance portal. Audit log retention policies are part of the Microsoft Purview Audit (Premium) solution. An audit log retention policy lets an organization specify how long it wants to retain audit logs. Audit logs can be retained for up to 10 years. Retention policies can be created based on the following criteria:
 

learn-pr/wwl-sci/investigate-threats-using-audit-in-microsoft-365-defender-microsoft-purview-premium/includes/5-investigate-compromised-email-accounts.md

@@ -1,4 +1,3 @@
-## Investigate compromised email accounts using Purview Audit (Premium)
 
 A compromised user account is also referred to as an account takeover. It's a type of attack where an attacker gains access to a user account and operates as the user. These types of attacks sometimes cause more damage than the attacker may have intended.