Change in Activity Log experience for activities older than 30 days

Originally posted by Microsoft Mar 15, 2022 Microsoft 365 suite 0 Comments

Microsoft Defender for Cloud Apps is making some changes to the Activity Log experience to align with Microsoft 365 Defender for upcoming unified investigation and hunting experiences. Activity log queries will apply to activities logged in the last 30 days.

Note: All activities will continue to be retained for 180 days.

When will this happen:

On April 1, 2022, Activity Log existing filters will query all activities logged in the last 30 days.

How this will affect your organization:

To query older activities, you should navigate to Activity Log and click on “Investigate 6 months back” on the top right-hand corner of the screen. From there you will define the filters as normally done with Activity Log.

The following filters will be supported:

  • Username
  • Activity type
  • IP address
  • Application
  • Location
  • Activity ID

The supported operators are equal, not equal. Other filters and operators will not be available when defining a query for activities older than 30 days.

In addition to the changes in the Activity Log there will be a change in the Activities API – which will return only activities from the past 30 days.

What you need to do to prepare:

For additional information, refer to the product documentation (documentation will be updated on April 1 upon rollout).

Message ID: MC343059

No comments yet

Leave a Reply

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: