In the Azure Portal under Azure Active Directory I am looking for a way to persist the Audit and Sign-in activity data for 1-year or longer. Azure AD Premium 1-2 seems to only allow for a maximum of 30 days. I am in search of a method, preferably inside of the Azure ecosystem, to store this data longer. In my attempts to Google a solution, I found the ability to export the Azure Activity Log data to general purpose storage, but I do not see that option from within Azure Active Directory.
Is the only option to create a script to move this data to a more permanent location, or is there a way to extend the data retention for these logs within Azure?
I'm new to all things Azure, so if I am missing any obvious things, please inform me.
For now, AAD doesn't support increasing the data retention for Audit logs within Azure Active Directory.
Depending on your license, Azure Active Directory Actions stores activity reports for the following durations:
Report Azure AD Free Azure AD Premium P1 Azure AD Premium P2
Directory Audit 7 days 30 days 30 days
Sign-in Activity 7 days 30 days 30 days
If you need data for duration that is longer than 30 days, you can pull the data programmatically using the reporting API and store it on your side. Alternatively, you can integrate audit logs into your SIEM systems.
Hope this helps!