Feedback by UserVoice

How can we improve compliance or protect your users better in Office 365?

Allow Exchange Admin Auditing retention to be increased past 90 days

The commands Set-AdminAuditLogConfig -AdminAuditLogAgeLimit do not work on 365. We have a requirement to keep all admin logs for 3 years but this cannot be performed.

140 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    At this point, the Office 365 service only allows for the retention of audit entries for 90 days. Can you provide us more information regarding your requirement to keep logs for 3 years. Is this a legal obligation? Please provide details around the specific audit entries you would like to retain for an extended period of time.

    12 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        O365 Audit logs are now available beyond 90 days for E5 customers. This feature is in Preview. More details here - https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance#before-you-begin

        "The one-year retention period for audit records for E5 organizations (or E3 organizations that have Advanced Compliance add-on licenses) is currently available only as part of a private preview program. To enroll in this preview program, please file a request with Microsoft Support and include the following as the description of what you need help with: "Long-term Office 365 audit log private preview".

      • Anonymous commented  ·   ·  Flag as inappropriate

        We are often asked for details form logs beyond the current remit of 90 days. Whilst we could do some back handed things like using Splunk (which takes a lot of effort and isn't 100% reliable as you are taking the data out of one place and putting it somewhere else and therefore you lose the validity and reliability) but this should be available for all by default. This is an ongoing service but the logs are often required some time after the original event occurred.

        As another has mentioned -this is Office 365 and not Office90! :)

      • Michael Burke commented  ·   ·  Flag as inappropriate

        Can we get an update on this request? Log retention is part of almost every IT function. Let's open up retention to a much larger time frame.

      • Nilang Shah commented  ·   ·  Flag as inappropriate

        I agree by the previous comments by Scott! if you provided a choice - 90 days standard at no cost, and above 90 days will have a cost against your tenant storage allocation - which would be fine by us as well and reduce the cost and complexity dramatically which comes with 3rd party solutions.

      • Anonymous commented  ·   ·  Flag as inappropriate

        There are a plethora of government regulations which require retention of data for periods much longer than 90 days. Honestly, I can't think of a single legal requirement that, if applicable to logs, would be any period of time measured in the "days." More like, the "years."

        The workaround mentioned by Scott is obviously feasible, but definitely shouldn't be the only way available.

      • Scott commented  ·   ·  Flag as inappropriate

        I can help with the above, as we are facing the issue with SharePoint Online and OneDrive for Business. We have a legal requirement (we are a legal firm) to hold Audit data for an unlimited period of time.

        We have no issue in this being counted against our storage within the tenant, but to resolve this we are having to look at costly third party solutions to export the logs using an API and hold them in an on-premise SQL DB.

        It would be much easier if you provided a choice - 90 days standard at no cost, and above 90 days will have a cost against your tenant storage allocation - which would be fine by us!

      • Carlos commented  ·   ·  Flag as inappropriate

        You mean something like this?
        https://support.office.com/en-us/article/Enable-mailbox-auditing-in-Office-365-aaca8987-5b62-458b-9882-c28476a66918#step4
        So this article is wrong? on step 4.
        I tried with support and even if its set to 365 days via powershell it only lets you search for the last 90 days like the admin above states. But why!!!!! Why does the article say you can increase it to 180.

      • Anonymous commented  ·   ·  Flag as inappropriate

        As noted by the admin, the default is 90 days. However, if you have a requirement you can use the Office 365 Management API and ingest the data into your own database, or CASB/SIEM application. This will allow you to meet your legal retention requirements for auditing. to get started with the management API, see the Following Link:

        https://msdn.microsoft.com/en-us/office-365/office-365-managment-apis-overview

      • Anonymous commented  ·   ·  Flag as inappropriate

        We also have the need to extend or even reduce this number, its part of a Regulator requirement when working in the Financial sector in the UK. Can this be opened up for 365?

      Feedback and Knowledge Base