Extend the Audit Log to hold records for longer than ninety days
The Audit Log's functionality in Office 365 is excellent but the logs are only held for ninety days rolling.
Due to this we are having to look at third party solutions to export the logs automatically, but this would be much easier if you extended the logging period out to a much longer period - years would be better than months.
Does this not state that this can simply be set? I set one mailbox to 120 and it took. I have yet to find out if it actually keeps for that amount, but seems command works, unless I am missing something.
Gary Smith commented
In theory the O365 Solution can be added to OMS workspace which is supposed to bring in the unified log. You can then extend the data retention on your workspace to whatever you require. I have, however, found that some data just doesn't seem to be included in that, and there doesn't appear to be any easy way to tell which is and isn't included. It's a pity, because that's an ideal solution for me as I can then use Power BI to connect to that OMS and visualise audit data.
See also https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/11515197-allow-exchange-admin-auditing-retention-to-be-incr that this should be merged into.
Matthias Mitze commented
For legal and tax purposes data needs to be stored between mimimum 90 days up to 10 years... - so please MS improve this!
Paul Lockart commented
In order to research a data leakage issue with emails, we need logs more than 90 days. For PCI and DLP purposes, a one year minimum would be acceptable.
Aman Sidhu commented
We need logs for more than 90 days probably couple of years at least since the security vulnerability search and findings go way beyond 90 days. @Microsoft please listen and help
Martin Meraner commented
did you find any good tool for that? Most I found just backup individual elements of it e.g. SharePoint Exchange, but I would also like to see license assignment etc.