Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Audit Retention Policy

Copper Contributor

Hello,

 

We are testing whether the license requirement for 1 year and 10 year audit retention policies are enforced in the Security and Compliance Center. I setup a test policy to capture Microsoft Form activity data for a user that does not have the "required" license but the activity is still being captured and found in the audit trail. I'm unsure if it will be held for longer than the default retention period for this activity type (90 days). Is there a way to tell if the license requirement is enforced and if the activity will be held without having to wait more than 90 days?

 

The licensing requirement can be found in the attached photo and the documentation is in the below link. Thank you.

 

https://docs.microsoft.com/en-us/microsoft-365/compliance/audit-log-retention-policies?view=o365-wor...

3 Replies
The requirement applies after the 90 day period, this doesn't mean that users without such license will not generate audit log entries. And as with many other features within Microsoft's cloud service, Microsoft does not necessarily enforce licensing requirements in code.
Thank you for the reply. Is there a way to tell if the targeted activity is covered by the retention policy?
Only if it's past the default retention date.