Microsoft 365 audit logs are now retained for 365 days for all tenants (with PowerShell)

Feb 8, 2022

The Microsoft 365 audit log is the best place to identify user and admin actions (like track admin roles changes).

By default, logs are retained 90 days, except for tenants with Office 365 E5 or Microsoft 365 E5 licenses. But, since summer 2021 (no exact date), the logs are now retained for 365 days.

Note that this only for search with PowerShell Search-UnifiedAuditLog. The web interface are still the 90 days limitation on non E5 tenants.

After some tests on several tenants (M365 Business, Office 365 E3), all now have access to 365 days of history even if the AdminAuditLogAgeLimit is still 90 days. You can find your current age limit with:

Connect-ExchangeOnline
(Get-AdminAuditLogConfig).AdminAuditLogAgeLimit
90.00:00:00

I don’t find any documentation with this information, so I don’t know if it’s a non documented feature or a bug…

Search the audit log in the Microsoft 365 compliance center – Microsoft 365 Compliance | Microsoft Docs

Recommended for you

How to get Microsoft Technet Gallery scripts

2 years ago • 1 min read

Accès au fichier cloud est refusé avec Uninstall-Module

2 years ago • 2 min read

WMI Filter to identify 32 and 64 bits

3 years ago • 1 min read

Retrieving MSI file information with PowerShell

Récupérer les informations d’un fichier msi avec PowerShell

Azure AD Connect Cloud Sync : la prochaine génération de synchronisation pour les environnements hybrides

New Setting Users Can Create Azure AD Tenants

Microsoft 365 audit logs are now retained for 365 days for all tenants (with PowerShell)

Tags

Bastien Perez

Recommended for you

How to get Microsoft Technet Gallery scripts

Accès au fichier cloud est refusé avec Uninstall-Module

WMI Filter to identify 32 and 64 bits