Hello Aaron Czupryn,
Greetings! Welcome to Microsoft Q&A Platform.
I understand that you would like to know where the audit logs and sign-in logs are stored and how to fetch these logs.
Audit logs and sign-in logs are typically stored in different locations depending on the platform and services you are using.
Audit Logs: These logs capture all changes made to your Azure AD resources. They are stored in the Azure AD portal and can be integrated with Azure Monitor for advanced querying and long-term storage.
Sign-In Logs: These logs record all sign-in activities and are also stored in the Azure AD portal. Like audit logs, they can be sent to Azure Monitor for detailed analysis and retention.
Please consider below following steps to retrieve these logs,
To understand how these logs were configured, check the Diagnostic settings for each service. This will show you where the logs are being sent and the retention policies in place.
To see how logs are configured, go to the Azure Active Directory > Diagnostic settings. Here, you can see if logs are being sent to a Log Analytics workspace, an Event Hub, or a storage account.
If logs are being stored in a storage account, you can find them in the $logs container within the storage account. Navigate to Storage accounts in the Azure portal, select the relevant account, and look for the $logs container.
If you are using a Log Analytics workspace, the logs might be stored there. You can check this by navigating to Log Analytics workspaces in the Azure portal and selecting the relevant workspace. Under the Logs section, you can query for audit and sign-in logs.
refer the below following Ms Doc for more details,
https://learn.microsoft.com/en-us/azure/storage/common/storage-analytics-logging,
https://learn.microsoft.com/en-us/compliance/assurance/assurance-audit-logging,
https://learn.microsoft.com/en-us/entra/identity/monitoring-health/concept-audit-logs
https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins
refer this doc for querying logs - https://techcommunity.microsoft.com/t5/microsoft-entra/intro-to-querying-azure-ad-sign-in-and-audit-logs-held-in-azure/m-p/798199
Hope this answer helps! please let us know if you have any further queries. I’m happy to assist you further.
Please "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.