How to Fix: Export Logs to Long-Term Storage
Step-by-step guide to exporting logs to long-term storage in your Microsoft 365 environment.
Estimated Time: 15-20 minutes
Steps: 4
Severity: info
Baseline Level: Enhanced Security
Why This Matters
Default Entra log retention is 30-90 days. APT attacks often go undetected for months. Long-term retention enables forensic investigation of compromises that happened weeks or months ago.
Prerequisites
- Global Administrator or appropriate admin role in Microsoft Entra ID
- Access to Microsoft Entra admin center (entra.microsoft.com)
- Microsoft Entra ID P1 or higher license
Expected Configuration
- Audit logs are exported to Log Analytics workspace or external SIEM
- Retention is configured for at least 1 year
- Sign-in logs and audit logs are both included
Remediation Steps
Review Current Configuration
Assess your current configuration in Microsoft Entra admin center.
- Navigate to the relevant section in Entra admin center
- Document current settings
- Compare against expected state
Plan Implementation
Determine the changes needed to meet the expected configuration.
- Review expected configuration requirements
- Identify affected users or resources
- Plan rollout strategy
Implement Changes
Apply the necessary configuration changes.
- Make required configuration updates
- Apply to appropriate scope
- Document changes made
Validate and Monitor
Verify the changes are working as expected.
- Run TrueConfig scan to verify compliance
- Test affected functionality
- Set up ongoing monitoring
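One way to check an exported copy of the tenant's diagnostic settings against the Expected Configuration list above (an added example, not TrueConfig's or Microsoft's code). It assumes the settings are objects shaped like Azure diagnostic settings (`properties.logs`, `workspaceId`, `eventHubAuthorizationRuleId`, `storageAccountId`) and that each workspace's retention in days is supplied separately; all sample values are constructed.

```python
# Added example, not TrueConfig or Microsoft code. Input shape is an assumption
# modelled on Azure diagnostic-settings objects; all sample values are constructed.
REQUIRED = ("AuditLogs", "SignInLogs")   # both must be exported
MIN_DAYS = 365                           # "at least 1 year"
# Worst to best; the best result seen for a category wins.
RANK = ["not exported", "retention too short",
        "verify retention at destination", "ok"]

def evaluate(settings, workspace_days):
    """Return {category: status} for each required log category.

    settings       -- list of diagnostic-setting objects
    workspace_days -- {workspace resource id: retentionInDays}
    """
    status = {cat: RANK[0] for cat in REQUIRED}
    for setting in settings:
        props = setting.get("properties", {})
        enabled = {log.get("category") for log in props.get("logs", [])
                   if log.get("enabled")}
        results = []
        workspace = props.get("workspaceId")
        if workspace:
            days = workspace_days.get(workspace, 0)  # unknown workspace counts as 0
            results.append("ok" if days >= MIN_DAYS else "retention too short")
        # Event hub (SIEM) or storage account: retention is set there, not here.
        if props.get("eventHubAuthorizationRuleId") or props.get("storageAccountId"):
            results.append("verify retention at destination")
        for cat in enabled.intersection(REQUIRED):
            status[cat] = max(results + [status[cat]], key=RANK.index)
    return status

WS_LONG = "/constructed/workspaces/secops-archive"
WS_SHORT = "/constructed/workspaces/ops-default"
SAMPLE_SETTINGS = [
    {"name": "audit-to-archive", "properties": {"workspaceId": WS_LONG, "logs": [
        {"category": "AuditLogs", "enabled": True},
        {"category": "SignInLogs", "enabled": False}]}},
    {"name": "signin-to-default", "properties": {"workspaceId": WS_SHORT, "logs": [
        {"category": "SignInLogs", "enabled": True}]}},
]
SAMPLE_WORKSPACE_DAYS = {WS_LONG: 400, WS_SHORT: 90}

if __name__ == "__main__":
    for category, result in evaluate(SAMPLE_SETTINGS, SAMPLE_WORKSPACE_DAYS).items():
        print(f"{category}: {result}")
```

A category routed only to an event hub or storage account is reported as "verify retention at destination", because the one-year requirement then has to be confirmed in the SIEM or storage lifecycle policy rather than in Entra.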