How do I use audit log search to get all sign in activity for a user over a 90 day period

sa-christopher simpson 1 Reputation point
2024-06-26T08:15:58.3766667+00:00

I have been asked by our HR dept to provide all sign-in activity for a user for a three month period as part of an investigation.

Microsoft Entra ID

2 answers

  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.



  2. Sandeep G-MSFT 15,816 Reputation points Microsoft Employee
    2024-06-26T09:25:37.6933333+00:00

    @sa-christopher simpson

    Thank you for posting this in Microsoft Q&A.

    As I understand it, you want to get sign-in activity for a particular user over the last 90 days.

    This is not possible because the default retention period for Audit is only 30 days, unless you have routed the logs to an Azure storage account using Azure Monitor.

    Microsoft Entra activity logs include audit logs, which are a comprehensive report on every logged event in Microsoft Entra ID. Changes to applications, groups, users, and licenses are all captured in the Microsoft Entra audit logs.

    Apart from audit logs, you also have Sign-in logs in Entra, which give you information about sign-ins and how your resources are used by your users.

    The default retention period for Audit is only for 30 days.

    https://learn.microsoft.com/en-us/entra/identity/monitoring-health/reference-reports-data-retention#how-long-does-microsoft-entra-id-store-the-data

    This is available only if you have Microsoft Entra ID P1 or P2 license in the tenant.

    You can retain the audit and sign-in activity data for longer than the default retention period outlined in the previous table by routing it to an Azure storage account using Azure Monitor. For more information, see Archive Microsoft Entra logs to an Azure storage account.

    To get audit logs, you need to have any one of the roles Reports Reader, Security Reader, Security Administrator or Global Reader assigned to the user account that you use to log in to the Azure portal.

    Follow the steps below to get audit logs for a specific user for the past 30 days:

    • Log in to https://entra.microsoft.com/
    • Enter Global admin credentials, or enter user credentials that have at least one of the following roles assigned: Reports Reader, Security Reader, Security Administrator or Global Reader.
    • Expand Identity > Users > All users.
    • Select the user for whom you want to pull the logs.
    • Click on "Audit logs" on the left pane and you can set the date range for the last 90 days using a custom interval.
    • You can also click on "Sign-in logs" on the left pane and get that information too.

    Audit logs – Give information about changes applied to your tenant, such as users and group management or updates applied to your tenant's resources.

    Sign-in logs – Give information about sign-ins and how your resources are used by your users.

    To access Sign-in logs, you also need to have one of the licenses in your tenant and the same roles assigned to the user account as are needed to access audit logs.

    You can refer to the article below to get more information on audit logs:

    https://learn.microsoft.com/en-us/entra/identity/monitoring-health/concept-audit-logs

    You can refer to the article below to get more information on Sign-in logs:

    https://learn.microsoft.com/en-us/entra/identity/monitoring-health/concept-sign-ins

    The above articles cover everything regarding Entra audit logs and Sign-in logs.

    Let us know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
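
The portal steps in the answer above can also be scripted. The following is an added example, not part of the original thread: it pulls one user's sign-in records through the Microsoft Graph PowerShell SDK, reports how far back the returned data actually reaches compared with the requested window, and writes a CSV with a SHA-256 hash for the case file. The UPN, output path and column selection are assumptions for illustration.

```powershell
# Added example. Requires the Microsoft Graph PowerShell SDK (Microsoft.Graph.Reports).
# $Upn and $OutFile are placeholder values, not taken from the thread.
$Upn     = 'user@contoso.example'
$Days    = 90
$OutFile = Join-Path $PWD 'signins-export.csv'

# Read-only delegated scopes; the account also needs one of the roles named in the answer.
Connect-MgGraph -Scopes 'AuditLog.Read.All', 'Directory.Read.All'

# Build the OData filter; single quotes in the UPN are doubled so they cannot break it.
$since  = (Get-Date).ToUniversalTime().AddDays(-$Days)
$filter = "userPrincipalName eq '{0}' and createdDateTime ge {1}" -f `
    $Upn.Replace("'", "''"), $since.ToString("yyyy-MM-dd'T'HH:mm:ss'Z'")

# -All follows paging so the result is not cut off at the first page.
$signIns = @(Get-MgAuditLogSignIn -Filter $filter -All | Sort-Object CreatedDateTime)

if ($signIns.Count -eq 0) {
    Write-Warning "No sign-in records returned for $Upn since $($since.ToString('u'))."
}
else {
    # Retention decides how far back the data goes, so record the real coverage.
    $oldest = $signIns[0].CreatedDateTime
    if ($oldest -gt $since.AddDays(1)) {
        Write-Warning "Requested $Days days, but the oldest record is $oldest. Earlier data is not retained in the tenant."
    }

    # Flatten the nested Status and Location objects into one row per sign-in.
    $signIns | ForEach-Object {
        [pscustomobject]@{
            CreatedDateTimeUtc = $_.CreatedDateTime
            UserPrincipalName  = $_.UserPrincipalName
            Application        = $_.AppDisplayName
            ClientApp          = $_.ClientAppUsed
            IpAddress          = $_.IpAddress
            City               = $_.Location.City
            CountryOrRegion    = $_.Location.CountryOrRegion
            Result             = if ($_.Status.ErrorCode -eq 0) { 'Success' } else { 'Failure' }
            ErrorCode          = $_.Status.ErrorCode
            FailureReason      = $_.Status.FailureReason
            ConditionalAccess  = $_.ConditionalAccessStatus
            CorrelationId      = $_.CorrelationId
        }
    } | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

    # Hash the export so later copies can be checked against what was handed over.
    Get-FileHash -Path $OutFile -Algorithm SHA256 | Format-List Path, Hash
    "{0} records exported, {1} to {2}" -f $signIns.Count, $oldest, $signIns[-1].CreatedDateTime
}
```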