How to archive Microsoft Entra activity logs to an Azure storage account
If you need to store Microsoft Entra activity logs for longer than the default retention period, you can archive your logs to a storage account. We recommend that you use a general storage account and not a Blob storage account. For storage pricing information, see the [Azure Storage pricing calculator]. We recommend that you use a general storage account and not a Blob storage account. For storage pricing information, see the Azure Storage pricing calculator.
To use this feature, you need:
- An Azure subscription. If you don't have an Azure subscription, you can sign up for a free trial.
- An Azure storage account you have
- A user who's a Security Administrator or Global Administrator for the Microsoft Entra tenant.
Archive logs to an Azure storage account
Browse to Identity > Monitoring & health > Diagnostic settings. You can also select Export Settings from either the Audit Logs or Sign-ins page.
Select + Add diagnostic setting to create a new integration or select Edit setting for an existing integration.
Enter a Diagnostic setting name. If you're editing an existing integration, you can't change the name.
Select the log categories that you want to stream.
Under Destination Details select the Archive to a storage account check box.
Select the appropriate Subscription and Storage account from the menus.
After the categories have been selected, in the Retention days field, type in the number of days of retention you need of your log data. By default, this value is 0, which means that logs are retained in the storage account indefinitely. If you set a different value, events older than the number of days selected are automatically cleaned up.
The Diagnostic settings storage retention feature is being deprecated. For details on this change, see Migrate from diagnostic settings storage retention to Azure Storage lifecycle management.
Select Save to save the setting.
Close the window to return to the diagnostic settings page.