Feedback by UserVoice

How can we improve compliance or protect your users better in Office 365?

Allow Exchange Admin Auditing retention to be increased past 90 days

The commands Set-AdminAuditLogConfig -AdminAuditLogAgeLimit do not work on 365. We have a requirement to keep all admin logs for 3 years but this cannot be performed.

172 votes
Sign in
Sign in with: Facebook Google
Signed in as (Sign out)
You have left! (?) (thinking…)
Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
tell us more  ·  O365 Compliance and Protection Feedback responded  · 

At this point, the Office 365 service only allows for the retention of audit entries for 90 days. Can you provide us more information regarding your requirement to keep logs for 3 years. Is this a legal obligation? Please provide details around the specific audit entries you would like to retain for an extended period of time.


Sign in
Sign in with: Facebook Google
Signed in as (Sign out)
  • Vilius commented  ·   ·  Flag as inappropriate

    90 days is not nearly enough when you are investigating why one or another thing happened on the tenant. For example I saw a newly created global admin account, but could not find who or why did this because it was past 90 days.

  • Anonymous commented  ·   ·  Flag as inappropriate

    O365 Audit logs are now available beyond 90 days for E5 customers. This feature is in Preview. More details here -

    "The one-year retention period for audit records for E5 organizations (or E3 organizations that have Advanced Compliance add-on licenses) is currently available only as part of a private preview program. To enroll in this preview program, please file a request with Microsoft Support and include the following as the description of what you need help with: "Long-term Office 365 audit log private preview".

  • Anonymous commented  ·   ·  Flag as inappropriate

    We are often asked for details form logs beyond the current remit of 90 days. Whilst we could do some back handed things like using Splunk (which takes a lot of effort and isn't 100% reliable as you are taking the data out of one place and putting it somewhere else and therefore you lose the validity and reliability) but this should be available for all by default. This is an ongoing service but the logs are often required some time after the original event occurred.

    As another has mentioned -this is Office 365 and not Office90! :)

  • Deepesh Mali commented  ·   ·  Flag as inappropriate

    No option to change the -AdminAuditLogAgeLimit to 365 days . we have got O365 E5 licensing and as per this article
    O365 E5 audit logs are retained for 1 year ; but cant see the option to change and even in search and compliance the logs go back to only 90 days

  • Michael Burke commented  ·   ·  Flag as inappropriate

    Can we get an update on this request? Log retention is part of almost every IT function. Let's open up retention to a much larger time frame.

  • Nilang Shah commented  ·   ·  Flag as inappropriate

    I agree by the previous comments by Scott! if you provided a choice - 90 days standard at no cost, and above 90 days will have a cost against your tenant storage allocation - which would be fine by us as well and reduce the cost and complexity dramatically which comes with 3rd party solutions.

  • Anonymous commented  ·   ·  Flag as inappropriate

    There are a plethora of government regulations which require retention of data for periods much longer than 90 days. Honestly, I can't think of a single legal requirement that, if applicable to logs, would be any period of time measured in the "days." More like, the "years."

    The workaround mentioned by Scott is obviously feasible, but definitely shouldn't be the only way available.

  • Scott commented  ·   ·  Flag as inappropriate

    I can help with the above, as we are facing the issue with SharePoint Online and OneDrive for Business. We have a legal requirement (we are a legal firm) to hold Audit data for an unlimited period of time.

    We have no issue in this being counted against our storage within the tenant, but to resolve this we are having to look at costly third party solutions to export the logs using an API and hold them in an on-premise SQL DB.

    It would be much easier if you provided a choice - 90 days standard at no cost, and above 90 days will have a cost against your tenant storage allocation - which would be fine by us!

  • Carlos commented  ·   ·  Flag as inappropriate

    You mean something like this?
    So this article is wrong? on step 4.
    I tried with support and even if its set to 365 days via powershell it only lets you search for the last 90 days like the admin above states. But why!!!!! Why does the article say you can increase it to 180.

  • Anonymous commented  ·   ·  Flag as inappropriate

    As noted by the admin, the default is 90 days. However, if you have a requirement you can use the Office 365 Management API and ingest the data into your own database, or CASB/SIEM application. This will allow you to meet your legal retention requirements for auditing. to get started with the management API, see the Following Link:

  • Anonymous commented  ·   ·  Flag as inappropriate

    We also have the need to extend or even reduce this number, its part of a Regulator requirement when working in the Financial sector in the UK. Can this be opened up for 365?

Feedback and Knowledge Base