logs older than the 30 day limit

Jason Barden 26 Reputation points

I have a user that fell for a phishing scam, the investigating party is wanting sign in information from the incident but was about 100 days ago. is there anyway to gain access to those logs for legal investigation purposes?
Specifically i am looking for the User sign-in logs in the Azure AD.
Thanks for any help!!

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
16,714 questions
0 comments No comments
{count} votes

Accepted answer
  1. Vasil Michev 79,781 Reputation points MVP

    Not unless you're exporting them somewhere. If you are using Office 365, you can use the Unified audit log, which ingests events from Azure AD as well:

    As detailed in the article, depending on the license you can get events from up to 90 days/1 year back.

    4 people found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. JamesTran-MSFT 32,856 Reputation points Microsoft Employee

    @Jason Barden
    Unfortunately, Azure AD does not store any activity data past 30 days.




    Please let us know if any reply/answer helped resolve your question. If so, please remember to "mark as answer" so that others in the community facing similar issues can easily find a solution.

    2 people found this answer helpful.