- Microsoft has extended the default retention period for activity logs in Microsoft Purview Audit, allowing organizations to access historical audit log data for up to 180 days.
- Customers with Purview Audit (Standard) licenses now have access to an additional 30 audit logs for various Microsoft 365 services.
- Microsoft is introducing new features in December, including the ability for customers to access the new asynchronous Audit Search experience programmatically.
Microsoft recently unveiled updates to the default retention period for activity logs in Microsoft Purview Audit. This change is designed to enable organizations to access historical audit log data for longer periods, helping them better investigate security breaches and related incidents.
Microsoft Purview Audit is a service that allows organizations to search for audit records for activities performed in Microsoft 365. It provides intelligent insights to help administrators determine the scope of compromise and support investigations.
“Starting in October 2023, we began rolling out changes to extend default retention to 180 days from 90 for audit logs generated by Audit (Standard) customers. Audit (Premium) license holders will continue with a default of one year, and the option to extend up to 10 years,” explained Rudra Mitra, Corporate Vice President for Microsoft Data Security and Compliance.
Microsoft plans to roll out the retention changes to Purview customers with standard licenses in the next few weeks. This update should be available for enterprise customers later this month, with government customers to follow in November.
Microsoft has also announced that customers with Purview Audit (Standard) licenses will have access to an additional 30 audit logs. This change will be applicable to Microsoft Teams, Exchange, SharePoint Online, Stream, and Viva Engage. Up until now, this capability was only available for Purview Audit premium customers.
Microsoft highlights its efforts to expand access to cloud logging data as a measure to safeguard organizations against cyberattacks. The new logging capabilities will be rolled out in a staggered manner to commercial customers over the next few months.
In addition to the retention extension and new logs, Microsoft Purview Audit is getting a couple of enhancements in December. A new feature will allow customers to programmatically access the new asynchronous Audit Search experience.
Microsoft plans to release new long-term retention policies for the 10-Year Audit Log Retention add-on SKU. This means that Microsoft Purview Audit premium customers will now be able to store the data for up to 3, 5, and 7 years. If you haven’t tried it yet, you can sign up for a free trial of Microsoft Purview Audit on this page.