LOG-02MediumEnhanced Security
Export Logs to Long-Term Storage
Logging & Visibility control for Microsoft 365 and Entra ID
Why This Control Matters
Default Entra log retention is 30-90 days. APT attacks often go undetected for months. Long-term retention enables forensic investigation of compromises that happened weeks or months ago.
Expected State
When this control is compliant, your tenant should meet these criteria:
- 1Audit logs are exported to Log Analytics workspace or external SIEM
- 2Retention is configured for at least 1 year
- 3Sign-in logs and audit logs are both included
Enforcement
Default Mode
Advisory
Alerts on deviations but does not make changes
Auto-Remediation
Manual Only
Requires Azure Monitor or external SIEM configuration
Ready to implement this control?
TrueConfig continuously monitors your Microsoft 365 tenant for compliance with this and 50+ other security controls.