LOG-02Moderate

How to Fix: Export Logs to Long-Term Storage

Step-by-step guide to implement export logs to long-term storage in your Microsoft 365 environment.

15-20 minutes

Estimated Time

Steps

medium

Severity

Enhanced Security

Baseline Level

Why This Matters

Default Entra log retention is 30-90 days. APT attacks often go undetected for months. Long-term retention enables forensic investigation of compromises that happened weeks or months ago.

Prerequisites

1Global Administrator or appropriate admin role in Microsoft Entra ID
2Access to Microsoft Entra admin center (entra.microsoft.com)
3Microsoft Entra ID P1 or higher license

Expected Configuration

Audit logs are exported to Log Analytics workspace or external SIEM
Retention is configured for at least 1 year
Sign-in logs and audit logs are both included

Remediation Steps

Review Current Configuration

Assess your current configuration in Microsoft Entra admin center.

•Navigate to the relevant section in Entra admin center
•Document current settings
•Compare against expected state

Plan Implementation

Determine the changes needed to meet the expected configuration.

•Review expected configuration requirements
•Identify affected users or resources
•Plan rollout strategy

Implement Changes

Apply the necessary configuration changes.

•Make required configuration updates
•Apply to appropriate scope
•Document changes made

Validate and Monitor

Verify the changes are working as expected.

•Run TrueConfig scan to verify compliance
•Test affected functionality
•Set up ongoing monitoring

Related Resources

Control Reference

Full control documentation

FAQ

Common questions answered

Full Guide

Detailed implementation guide

Logging & Visibility Controls

Related security controls

Automate Your Security Configuration

TrueConfig continuously monitors your Microsoft 365 environment and can automatically fix configuration drift. Start your free trial today.

Start Free Trial

← All Controls View Control Details →