![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 98%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Purview
A unified data governance solution that helps manage, protect, and discover data across your organization
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 83%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELD%3C/text%3E%3C/svg%3E)
Dear @Sudhanshu Shevade,
Welcome to Microsoft Q&A.
Microsoft 365 Business Basic includes basic audit logging through Audit (Standard), which is part of the Microsoft Purview (Unified Audit Log) experience. This level of auditing is designed to provide essential visibility into common user and administrator activities across Microsoft 365, rather than deep forensic or compliance investigations.
With Business Basic, Audit (Standard) records activities that help administrators understand who did what and when in core Microsoft 365 services. This includes general identity and directory actions (such as user sign-ins and account or role changes), everyday mailbox activity in Exchange Online (for example, common mail actions and permission-related changes), and basic file activity in SharePoint Online and OneDrive (such as file access, sharing, and deletion). These logs are typically used for routine monitoring, troubleshooting, and baseline security review.
All of these events are searchable in the Microsoft Purview portal under Audit, using the Unified Audit Log. The data retention for Audit (Standard) is limited (short-term), which is suitable for operational oversight but not long-term investigations.
It’s equally important to understand what is not included with Business Basic. The license does not provide advanced or detailed audit events, such as precise mailbox read/access tracking (for example, MailItemsAccessed), nor does it include extended audit log retention or advanced investigation and compliance tooling. Those capabilities fall under Audit (Premium) and are available only with higher-tier licenses such as Microsoft 365 E5 or the E5 Compliance add-on.
You can refer to the official overview document which describes Audit (Standard) and Audit (Premium), the capabilities and limitations of each audit level: Learn about auditing solutions in Microsoft Purview
If your organization needs deeper visibility, longer audit retention, or advanced compliance and investigation scenarios, you will need Audit (Premium), which is available with Microsoft 365 E5 or the E5 Compliance add-on (and more broadly with higher-tier enterprise plans).
I hope this information helps point you in the right direction. If you need further assistance, please don’t hesitate to reach out again. I’ll do my best to support you however I can.
Warm regards,
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
