Audit log history


A search in the audit log cannot go past the date the audit log was activated. But how long will the data in the audit log be kept? Will it be possible in 2022 to search for activities that happened in 2016?

6 Replies

The audit log events under the Security and Compliance Center in general are kept for 90 days. If you need more, you need to export/store them on your own, or use a 3rd party tool that does that. Using ASM gives you 180 days, at additional cost.

Thanks for your feedback, Vasil. But I don't understand why I can go back in the audit log until the moment we started audit log recording. This is now more than 1 year ago.

Because it costs money to provide storage for all that data and make it available in near real time? 🙂 You can ask the same question about Reports, we've always had a limited data there too.

I'm seeing results now for activities greater than 90 days. If I scroll back through the calendar in the Start Date field, I can go back to December 14, 2015. Do you know if the 90-day audit log search has changed? I'm still seeing in Microsoft's documentation a reference to the 90 days.

I do actually, but I see different "cutoff" dates for different types of audited activities. Still, a good sign I guess, seems we're getting support for more than 90 days 🙂

For infinite audit data retention, you need to write a custom audit data collection script or go to some 3rd party offerings.

I recommend AdminDroid Auditor to hold activity data for such a long period. It collects and stores your data in your on-premise server. So the data is always in your control. Try the online demo to explore the product.
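
A sketch of the kind of custom collection script mentioned in the replies, added here as an example and not taken from any post above or from any vendor. It assumes an existing `Connect-ExchangeOnline` session with rights to run `Search-UnifiedAuditLog`, a daily scheduled run, and a hypothetical archive folder `D:\AuditArchive`.

```powershell
# Added example: copy one UTC day of unified audit log records to a local
# JSONL file so they outlive the service-side retention window.
param(
    [string]$ArchiveRoot = 'D:\AuditArchive',               # hypothetical path
    [datetime]$Day = [datetime]::UtcNow.Date.AddDays(-1)    # default: yesterday (UTC)
)
$ErrorActionPreference = 'Stop'

$outFile = Join-Path $ArchiveRoot ('audit-{0:yyyy-MM-dd}.jsonl' -f $Day)
if (Test-Path $outFile) { Write-Host "Already archived: $outFile"; return }
New-Item -ItemType Directory -Path $ArchiveRoot -Force | Out-Null

# Write to a .partial file first so an interrupted run never looks complete.
$tmpFile = "$outFile.partial"
if (Test-Path $tmpFile) { Remove-Item $tmpFile }
$total = 0

# Search in one-hour windows, each with its own session, so a busy tenant
# stays under the per-session result limit of ReturnLargeSet.
for ($h = 0; $h -lt 24; $h++) {
    $query = @{
        StartDate      = $Day.AddHours($h)
        EndDate        = $Day.AddHours($h + 1)
        SessionId      = [guid]::NewGuid().ToString()
        SessionCommand = 'ReturnLargeSet'
        ResultSize     = 5000
    }
    do {
        # Repeating the call with the same SessionId returns the next page.
        $page = @(Search-UnifiedAuditLog @query)
        if ($page.Count -gt 0) {
            # AuditData carries the full event as a JSON string; one per line.
            $page | ForEach-Object { $_.AuditData } |
                Add-Content -Path $tmpFile -Encoding UTF8
            $total += $page.Count
        }
    } while ($page.Count -gt 0)
}

if ($total -eq 0) { Write-Warning "No audit records returned for $Day"; return }

Move-Item $tmpFile $outFile
# Store a digest next to the archive so later tampering is detectable.
(Get-FileHash $outFile -Algorithm SHA256).Hash | Set-Content "$outFile.sha256"
Write-Host "Archived $total records to $outFile"
```

Keep the archive folder writable only by the account that runs the job, and copy the `.sha256` files to a separate location if the archive is meant to serve as evidence.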