Jan 21 2022 08:19 AM - edited Jan 21 2022 08:22 AM
Hi community,
our company wants to set the retention period for logs of Microsoft Cloud components e.g. Teams, Exchange (Online), ... to 30 days.
On the other hand, the data in Sentinel or should I better say in the respective Log Analytics Workspace should be stored for 90 days.
I do not know if the logs from the data sources are copied or linked when they are ingested in Sentinel (LAW).
If they were linked than i would expect that the data would be purged after the 30 day period and we never can reach the retention of 90 days needed by security.
Can someone point me in the right direction?
Jan 21 2022 08:53 AM
Jan 21 2022 11:48 AM