This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 96%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
I am trying to create the following alerts:
| User added | Triggered when a new user has been added. |
|---|---|
| User removed | Triggered when a any user has been removed. |
| User privilege changes | Triggered by any configuration change of any user. |
I already tried to do this via the Audit Logs within the Identity section but the retention time is only 1 month there:
So my question is:
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 39%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
@Manuel Did you get chance to look into my previous comment ? Let me know if you have further questions.
@Manuel Hope the information provided is helpful. Kindly revert if you have further questions.
@Manuel Log storage within Microsoft Entra varies by report type and license type.
You can retain the audit and sign-in activity data for longer than the default retention period using Azure Monitor. For more information, see Integrate Microsoft Entra logs with Azure Monitor logs.