Identity and Access

Extend Audit Log Retention From 1 Year to 10

Read Time: 2 minutes

Advanced Audit in Microsoft allows retention of the Unified Audit Log for a period of 10 years.

Audit logs. We need them for investigation and compliance purposes, and we generally need them for a very long time (e.g. 10 years). Up to recently, we did not have much flexibility.

Very recently announced is the Advanced Audit in Microsoft 365 services. There are two key takeaways:

  • Advanced Audit in Microsoft 365 will provide a one-year retention period of audit logs for user and admin activities, with the ability to create custom retention policies for other Microsoft 365 services
  • An additional add-on (at additional cost) will provide the ability to enable a retention period of 10 years.

Required Licensing

Accounts with any of the following licenses can be included in Advanced Audit capabilities:

  • Office 365 E5
  • Microsoft 365 E5
  • Microsoft 365 E5 Compliance
  • Microsoft 365 eDiscovery and Audit

As mentioned above, an additional licence is required to extend and ensure retention of audit logs for 10 years. The additional license is expected to be available early this year (2021).

High-bandwidth API Access

Large organizations may notice an improvement in performance when using the audit log API. Every organization will have allocated bandwidth for accessing their audit log based on the number of seats (licensed users) and number of E5 licenses.

Key Benefits of the Advanced Audit Log

  • A standard retention term of 1 year for all auditable activities
  • The ability to extend retention of audit logs for 10 years without having to manage an additional service or application (e.g. Sentinel or Splunk) strictly for long term storage of all activity logs for compliance/policy purposes
  • Improved bandwidth for accessing the Audit Log via API.


Thank you for Reading

Questions? Comments? Feel free to reach out.