Options for longer retention of o365 audit logs
Moving to o365 you still need to retain logs of activity and Microsoft gives you a good tool to do this with the o365 audit log. You can find this tool at https://protection.office.com , Expand Security & investigation on the left menu and choose Audit Log search.
By default Microsoft only keeps the logs for 90 days. We’re looking to keep the logs for a year. This post is to document options for extending the log retention either within the Microsoft ecosystem or using 3rd party options. If you know of additional options I haven’t listed here please leave a comment below and I’ll update the post.
Manage Engine o365 manager plus – https://www.manageengine.com/office365-management-reporting/
Looks like it reports on both o365 (But it doesn’t say anything about sharepoint) and Azure AD logins
Skykit Point – https://www.syskit.com/products/point/features/office-365-auditing/
Reports on all apps in o365 but not on Azure AD
*Their blog states, I’ll have to follow up with Microsoft to confirm
“Logs are kept for 90 or 365 days, depending on the license. To enable the full year, you’ll need to have an Office 365 E5 subscription or an Office 365 Advanced Compliance add-on license with an E3/Exchange Online Plan 1, and you’ll need to send a request to Microsoft support to enroll in the program. “
HubStor – Has a blog post about o365 audit logs and how they can extend them, but its not clear on their site if they just hold the archived logs and what tools they have to search the logs in a useful interface.
I’ll be following up with these three vendors in the new year and with Microsoft to see if E5 licenses get us extended logging retention.