Forum Discussion
Solved
MCAS - Activity Log - Duration - how many days of logs visible from point of setup?
Hi, I have a query - we have just setup a trial of MCAS for a client and they are seeing infrequent country alerts for users for example. These alerts state things like "device tablet used by...
- Yes, you are correct, MCAS stores copies of the activities it receives from connected services for a period of 180 days.
Regarding the issue, we will investigate further and decide on the next steps.
Boris
Boris_Kacevich
Microsoft
Microsoft
The data that MCAS gets from different apps is saved according to retention policies for 180 days (for activities). Based on the aggregated data from different services MCAS is able to build a base-line that is then used for its anomaly detections.
In the specific case below, it might be a bug and a terminology issue.
If critical, a support case can be opened so our team can review the details.
Best,
Boris
Product manager, CAS
Thanks Boris_Kacevich
It's not a critical issue but the customer did ask why it shows "last 180 days" in the alert when he hasn't got 180 days worth of activity logs to review yet. It might be worth changing that value in the alerts to a dynamic value to reflect the duration of logs available if possible to prevent future confusion?
With regards to the 180 day activity log, is this a separate MCAS specific log stored somewhere that's not accessible to other services but is in effect populated by the connected services?
What I mean is are the entries in the MCAS Activity Log copies of logs from connected apps (ie Office 365 and Azure AD) and then kept in the MCAS log for 180 days, whereas if you reviewed the logs for the contributing source individually - ie Azure Sign In Logs for example, you will still only find the last 30 days?
Thanks
Paul
- Boris_KacevichYes, you are correct, MCAS stores copies of the activities it receives from connected services for a period of 180 days.
Regarding the issue, we will investigate further and decide on the next steps.
Boris
