Skipster311-1
Iron Contributor
Aug 26, 2021
Solved

user login information

Hello all, I'm trying to understand the difference between Azure sign-in logs to query logon activity vs. Microsoft Graph? In the Azure portal I can only go back 30 days. However, if using Microsof...
  • pvanberlo
    Aug 26, 2021

    Skipster311-1 Azure AD does not provide retention of sign-in logs beyond 30 days. Some information may additionally be stored in the unified audit log, though.

    To answer your question more specifically: the information in Graph just contains the single timestamp when the last (non-)interactive sign-in happened. This is trivial to store for Microsoft and doesn't require Microsoft to keep all possible sign-in events. What you see in the Sign-In log in Azure AD, though, are all events that happened, and as you can probably imagine, this can result in a lot of additional data that would need to be stored. I did some tests with storing sign-in events in an Azure Log Analytics workspace, and this was good for multiple TBs of data over a month, and that's only for one tenant. Imagine if they had to keep these sign-in events for all tenants!
