

Microsoft 365 audit data archival and restoration

If your organization is serious about auditing all user and admin activity in Microsoft 365, then you'll have to deal with the volumes of audit logs that are added to your database every minute. These audit logs contain traces of all types of activity, ranging from simple file renames to password resets and unwanted login attempts.

Why do you need an archival solution?

Auditing every activity happening in your Microsoft 365 environment requires you to analyze all the logs generated by various services and user activities. And to comply with regulatory mandates, this audit log data must be archived—but Microsoft 365 doesn't make archiving easy.

The 180-day window

Limitation: Microsoft 365 offers a unified audit logging service across key workloads, which is accessed through the Security and Compliance Center. However, audit entries in the Security and Compliance Center are retained for only 180 days, after which they're purged. Organizations that need long-term access to audit report items—such as the seven years' worth of data required by some compliance regulations—should be aware of this limitation.

Solution: You can manually download and save audit logs every 180 days, but failing to do so would result in the permanent loss of logs. On the other hand, M365 Security Plus holds audit logs indefinitely. Therefore, you can choose to archive audit logs at your convenience, like when your database is running out of space. You can also restore deleted audit logs in M365 Security Plus in a single click.

Exporting audit logs

Limitation: When exporting specific audit logs from Microsoft 365, the export is limited to 1,000 entries—unless all logs are exported, in which case the limit is 50,000 items. This is severely limiting since some mid-sized and large organizations hit the 50,000 item limit every day. Manually exporting logs for organizations of this size requires an administrator to specify and generate at least one export every day, hoping that the time delay in capturing audit report entries doesn't result in an incomplete report.

Since these exports are delivered as plain CSV files, nothing vouches for the accuracy of the data, meaning there's nothing stopping an administrator from making up data or removing evidence of their own wrongdoing.

Solution: M365 Security Plus imposes no restriction on the number of entries that can be exported. You can export the audit data as password-protected reports or archive them as password-protected files so they're tamper-proof.

Audit data archiving and restoration with M365 Security Plus

M365 Security Plus allows you to archive Microsoft 365 audit logs in a separate storage platform, and restore them when required in a single click. You can also:

  • Specify when audit data should be archived.
  • Store archived audit logs as password-protected files.
  • View summaries of scheduled archiving.

