Azure Active Directory (AAD), Microsoft’s cloud-based identity and access management service, plays an integral role in managing users and providing access to resources. An essential part of this management involves tracking sign-in activities. AAD provides sign-in logs that record data such as who attempted to sign in, the application they attempted to access, and whether the sign-in attempt was successful.
However, an often-overlooked aspect of these sign-in logs is their retention period. This blog post aims to shed light on this topic and explore how we can extend this retention period using Azure Blob Storage.
By default, Azure AD keeps sign-in logs for:
Azure AD does not store any activity data past 30 days! We are stuck here. What to do?
The logs are not kept any longer unless you export or download them somewhere, such as a Storage account, an event hub or a SIEM. If you are using Office 365, you can use the Unified audit log, which ingests events from Azure AD as well. Which needs an expensive E5 license?
While the retention periods above may be sufficient for some, many organizations may require a longer retention period for compliance, auditing, or analytical purposes. This is where Azure Blob Storage comes into play.
Azure Blob Storage is a service for storing large amounts of unstructured object data, such as text or binary data. You can use it to store and retrieve any amount of data at any time from anywhere on the web.
To extend the retention of your AAD sign-in logs, you can export them to Azure Blob Storage. Here’s a simple process to achieve that:
Navigate to Azure Active Directory > Monitoring > Audit logs.
Select Export Data Settings.
You can then select ‘Sign-in logs’ under the ‘Log’ category and select your Storage account under the ‘Destination details’.
Following these steps, you can now retain your sign-in logs for a longer period in Azure Blob Storage. Remember, managing sign-in logs effectively is crucial for maintaining security and ensuring compliance within your organization. By understanding the retention periods and knowing how to extend them, you can make the most of what Azure Active Directory has to offer.
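Once the export is running, the archived blobs can be queried long after Azure AD itself has dropped the data. The Python below is an added example, not part of the original post: it reads the text of an exported blob and counts failed sign-ins per user and application that are older than the 30-day window. The one-record-per-line layout and the field names (`time`, `category`, `properties.userPrincipalName`, `properties.appDisplayName`, `properties.status.errorCode`) are assumptions about the export format to verify against your own blobs, and the sample data is constructed.

```python
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

def sample_line(time, upn, app, code):
    """Build one constructed export line (field names are assumed)."""
    return json.dumps({"time": time, "category": "SignInLogs", "properties": {
        "userPrincipalName": upn, "appDisplayName": app,
        "status": {"errorCode": code}}})

# Constructed sample of an exported blob: one JSON record per line.
SAMPLE_BLOB = "\n".join([
    sample_line("2023-01-10T08:15:00Z", "alice@example.com", "Azure Portal", 50126),
    sample_line("2023-01-10T08:16:30.1234567Z", "alice@example.com", "Azure Portal", 50126),
    sample_line("2023-01-10T08:20:00Z", "alice@example.com", "Azure Portal", 0),
    sample_line("2023-02-20T10:00:00Z", "bob@example.com", "Office 365", 50126),
    '{"time": "2023-01-10T09:00',  # truncated line, as after an interrupted write
])

def parse_records(blob_text):
    """Yield sign-in records from JSON-lines text, skipping damaged lines."""
    for line in blob_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # partially written or corrupted line
        if isinstance(rec, dict) and rec.get("category") == "SignInLogs" and "time" in rec:
            yield rec

def record_time(rec):
    """Parse the record time as UTC, ignoring any fractional seconds."""
    stamp = datetime.strptime(rec["time"][:19], "%Y-%m-%dT%H:%M:%S")
    return stamp.replace(tzinfo=timezone.utc)

def failed_signins_beyond_window(blob_text, now, window_days=30):
    """Count failed sign-ins per (user, app) older than the native window."""
    cutoff = now - timedelta(days=window_days)
    counts = Counter()
    for rec in parse_records(blob_text):
        props = rec.get("properties", {})
        code = props.get("status", {}).get("errorCode", 0)
        # A non-zero errorCode is treated as a failed attempt.
        if code != 0 and record_time(rec) < cutoff:
            counts[(props.get("userPrincipalName"), props.get("appDisplayName"))] += 1
    return counts
```

Pass the downloaded blob text and the current UTC time to `failed_signins_beyond_window`; the result covers only events that the Azure AD portal no longer shows.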