This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
In the previous deployment step, you enabled the User and Entity Behavior Analytics (UEBA) feature to streamline your analysis process. In this article, you learn how to set up interactive and long-term data retention, to make sure your organization retains the data that's important in the long term. This article is part of the Deployment guide for Microsoft Sentinel.
Retention policies define when to remove data, or mark it for long-term retention, in a Log Analytics workspace. Long-term retention lets you keep older, less used data in your workspace at a reduced cost. To set up data retention plans, consult Log retention plans in Microsoft Sentinel, and use one or both of these methods, depending on your use case:
In this article, you learned how to set up interactive and long-term data retention.
Training
Module
Implement and manage retention with Microsoft Purview - Training
Implement and manage retention with Microsoft Purview.
Certification
Microsoft Certified: Information Protection and Compliance Administrator Associate - Certifications
Demonstrate the fundamentals of data security, lifecycle management, information security, and compliance to protect a Microsoft 365 deployment.
Documentation
Log retention plans in Microsoft Sentinel
Learn about the different log retention plans that are available in Microsoft Sentinel and how they're meant to be used to ensure maximum coverage at minimum expenditure.
When to use Auxiliary Logs in Microsoft Sentinel
Learn what log sources might be appropriate for Auxiliary Log or Basic Log ingestion.
Restore archived logs from search - Microsoft Sentinel
Learn how to restore archived logs from search job results.