LOG-02: Export Logs to Long-Term Storage

Frequently asked questions about implementing and managing the LOG-02 security control in Microsoft 365 and Entra ID.

Q
What is LOG-02 (Export Logs to Long-Term Storage)?
A

LOG-02 is a security control for keeping Entra logs beyond the default retention period. Default Entra log retention is 30-90 days, while APT attacks often go undetected for months; long-term retention enables forensic investigation of compromises that happened weeks or months ago. The control requires that audit logs are exported to a Log Analytics workspace or an external SIEM, that retention is configured for at least 1 year, and that sign-in logs and audit logs are both included.

Related controls: LOG-02
Q
Why is Export Logs to Long-Term Storage important for Microsoft 365 security?
A

Default Entra log retention is 30-90 days. APT attacks often go undetected for months. Long-term retention enables forensic investigation of compromises that happened weeks or months ago.

Related controls: LOG-02
Q
How do I implement LOG-02 in my tenant?
A

LOG-02 requires manual implementation: it needs Azure Monitor or external SIEM configuration.

Related controls: LOG-02
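
An added example (not from the original page or from Microsoft tooling) that checks the LOG-02 conditions against exported diagnostic-setting objects. It assumes the Azure Resource Manager field names for diagnostic settings, treats an Event Hub destination as the external SIEM route, and runs on constructed sample data.

```python
REQUIRED = {"AuditLogs", "SignInLogs"}   # LOG-02: both log types must be exported
MIN_RETENTION_DAYS = 365                 # LOG-02: retention of at least 1 year
RANK = ["not-exported", "short-retention", "siem-verify-retention", "ok"]

def check_log02(settings, workspace_retention):
    """Return {category: status} with the best status found across all settings.

    settings: list of diagnostic-setting objects (properties.logs, properties.workspaceId, ...).
    workspace_retention: {workspace resource id (lower-case): default retention in days}.
    Only the workspace default is checked; per-table retention is out of scope here.
    """
    result = {cat: "not-exported" for cat in REQUIRED}
    for setting in settings:
        props = setting.get("properties", {})
        enabled = {l.get("category") for l in props.get("logs", []) if l.get("enabled")}
        states = []
        workspace = props.get("workspaceId")
        if workspace:
            days = workspace_retention.get(workspace.lower(), 0)
            states.append("ok" if days >= MIN_RETENTION_DAYS else "short-retention")
        if props.get("eventHubAuthorizationRuleId"):
            # Assumption: an Event Hub destination feeds the external SIEM, whose
            # retention cannot be read from these objects and must be checked there.
            states.append("siem-verify-retention")
        for cat in REQUIRED & enabled:
            for state in states:
                if RANK.index(state) > RANK.index(result[cat]):
                    result[cat] = state
    return result

# Constructed sample data (placeholder IDs), not taken from a real tenant.
WS = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-logs"
      "/providers/Microsoft.OperationalInsights/workspaces/law-entra")
SAMPLE_SETTINGS = [
    {"name": "to-workspace", "properties": {
        "workspaceId": WS,
        "logs": [{"category": "AuditLogs", "enabled": True},
                 {"category": "SignInLogs", "enabled": False}]}},
    {"name": "to-siem", "properties": {
        "eventHubAuthorizationRuleId": "/placeholder/eventhub-authorization-rule",
        "logs": [{"category": "SignInLogs", "enabled": True}]}},
]

if __name__ == "__main__":
    for days in (90, 365):
        print(days, check_log02(SAMPLE_SETTINGS, {WS.lower(): days}))
```

A category listed in a setting but with `enabled` set to false counts as not exported, which is why the sample's sign-in logs pass only through the SIEM route.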
Q
What license do I need for LOG-02?
A

This control requires Azure AD Premium P1 (included in Microsoft 365 E3) or higher.

Related controls: LOG-02
Q
Which security baseline includes LOG-02?
A

LOG-02 is included in the Enhanced Security baseline (Level 2). This level adds stricter controls for security-conscious organizations.

Related controls: LOG-02
