M365 E5 performance concerns mostly related to Audit and retention along with PowerShell command details

Anamika . (International Supplier) 1 Reputation point Microsoft Vendor

Dear Support,

The current licensing history is m365 E5 for the entire organization and for shared mailbox have M365 E5 eDiscovery and audit add-on license .

1) apart from the default audit actions that are available we have enabled additional audit actions that are not within the default set of audit actions: We want to know

a. Is there any performance impact on the mailbox?

i. Example:

  1. Slower retrieval of emails from the server?
  2. Slower sending/receiving of emails?
  3. Slowdown in search response?

b. Is there a way to test/validate the performance of a mailbox, in regards to above configuration change on enabling additional audit actions?

2) We had subscribed to M365 E5 licenses for all our users and shared mailboxes have M365 E5 eDiscovery and audit add-on license, this have effectively enable advance auditing for all our mailboxes and Microsoft documentation state that default audit data retention policy is 1 year for advance auditing, ref: Manage audit log retention policies - Microsoft 365 Compliance | Microsoft Learn  

a. How can we validate that default audit data retention policy is successfully applied on all mailboxes ? (Possible question during external audit)

i. Example:

  1. PowerShell commands
  2. Setting information in the respective portal

Please help with detailed information and link along with PowerShell commands

Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,228 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 96,436 Reputation points MVP

    a) There is no performance impact for enabling auditing, moreover server/database performance is Microsoft's responsibility, not yours
    b) see above
    c) to verify audit retention works as expected, perform a query against the audit log for given mailbox. For example, if you have applied an "retain for 1year" audit log retention policy to mailbox X, you should expect to see events older than the default 90days policy present in the results. As time goes by, you will eventually reach the 1y limit of the currently assigned policy.

    0 comments No comments