Microsoft
Microsoft
MicrosoftJan ( oechiih ) - Good point. All the data coming into Audit logs in M365 can also be ported into a SIEM using the management API. So I would definitely ask you to check this option out. In the meanwhile, there will be necessary notices in place when we make such a decision to move away from Log analytics workspace - so some planning around the scenario would be good.
Maxlan71 - Activity explorer also showcases Audit data sets and it doesn't have any other data source. So there is nothing called 'Activity explorer' items to filter in O365 MAPI documentation. For ex: If you want to export 'Label applied' activity, then you should be able to do that using the management API. If you have any specific questions, please directly message me (on yammer) and I can help out.
ChristopheHumbert - I don't have an exact timeline on the log workspace decommissioning but there will be notice around it as we plan for the work. With that said, this is the direction that we are taking.
cloud_entropy - Activity explorer is a elastic search capability built on top of the Audit data sets. So we currently showcase last 30 days rolling window. There is no specific need for Retaining Activity explorer data as there is nothing called "activity explorer' data 🙂
HaroldvandeKamp - Thanks a lot.
ShadanS - FYI.