Exam MS-500 topic 4 question 36 discussion

Answer is C: Office 365 or Microsoft 365 E5 or users with a Microsoft 365 E5 Compliance add-on license: Audit records for Azure Active Directory, Exchange, and SharePoint activity are retained for one year by default.  Da <https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance>

The correct answer is C. For users assigned an Office 365 E5 or Microsoft 365 E5 license (or users with a Microsoft 365 E5 Compliance or Microsoft 365 E5 eDiscovery and Audit add-on license), audit records for Azure Active Directory, Exchange, and SharePoint activity are retained for one year by default. Organizations can also create audit log retention policies to retain audit records for activities in other services for up to one year. For users assigned any other (non-E5) Office 365 or Microsoft 365 license, audit records are retained for 90 days. For a list of Office 365 and Microsoft 365 subscriptions that support unified audit logging Source: https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide

365 with E5; 90 with E3

1 year To retain an audit log for longer than 90 days (and up to 1 year), the user who generates the audit log (by performing an audited activity) must be assigned an Office 365 E5 or Microsoft 365 E5 license or have a Microsoft 365 E5 Compliance or E5 eDiscovery and Audit add-on license. To retain audit logs for 10 years, the user who generates the audit log must also be assigned a 10-year audit log retention add-on license in addition to an E5 license.

C is correct!

365days For users assigned an Office 365 E5 or Microsoft 365 E5 license (or users with a Microsoft 365 E5 Compliance or Microsoft 365 E5 eDiscovery and Audit add-on license), audit records for Azure Active Directory, Exchange, and SharePoint activity are retained for one year by default.

Answer is B based one Microsoft Docs: https://docs.microsoft.com/en-us/microsoft-365/compliance/advanced-audit?view=o365-worldwide All audit records generated in other services that aren't covered by the default audit log retention policy (described in the previous section) are retained for 90 days. But you can create customized audit log retention policies to retain other audit records for longer periods of time up to 10 years.

C for sure for E5 (365), for the rest 90 days. https://docs.microsoft.com/en-us/microsoft-365/compliance/audit-log-retention-policies?view=o365-worldwide#default-audit-log-retention-policy

How long are the audit records retained for? As previously explained, audit records for activities performed by users assigned an Office 365 E5 or Microsoft E5 license (or users with a Microsoft 365 E5 add-on license) are retained for one year. For all other subscriptions that support unified audit logging, audit records are retained for 90 days.

Shouldnt be 90 days?

"You can retain audit logs for up to 10 years. " check this please: https://docs.microsoft.com/en-us/microsoft-365/compliance/audit-log-retention-policies?view=o365-worldwide#:~:text=You%20can%20retain%20audit%20logs,users%20or%20by%20specific%20users

https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide#frequently-asked-questions How long are the audit records retained for? As previously explained, audit records for activities performed by users assigned an Office 365 E5 or Microsoft E5 license (or users with a Microsoft 365 E5 add-on license) are retained for one year. For all other subscriptions that support unified audit logging, audit records are retained for 90 days. Answer is C. E5 is one year, all others are 90 days.

The default audit log retention policy (1 Year) is applied to E5 users \ E Discovery and Audit Add-on Licensed users: For example, if one of my E5 users signs into Exchange Online this activity will be retained for a year. If they do not have the above license and just have E3 with no add-on, then it's 90 days. Confirmed with Microsoft Support via support request in my Lab. Thanks

MS just changed to 90 days even for E5, so now the answer is correct.

C for sure

"How long are the audit records retained for? As previously explained, audit records for activities performed by users assigned an Office 365 E5 or Microsoft E5 license (or users with a Microsoft 365 E5 add-on license) are retained for one year. For all other subscriptions that support unified audit logging, audit records are retained for 90 days."

Default audit log retention policy Advanced Audit in Microsoft 365 provides a default audit log retention policy for all organizations. This policy retains all Exchange, SharePoint, and Azure Active Directory audit records for one year. This default policy retains audit records that contain the value of AzureActiveDirectory, Exchange, or SharePoint for the Workload property (which is the service in which the activity occurred). The default policy can't be modified. See the More information section in this article for a list of record types for each workload that are included in the default policy. Note The default audit log retention policy only applies to audit records for activity performed by users who are assigned an Office 365 or Microsoft 365 E5 license or have a Microsoft 365 E5 Compliance add-on license. If you have non-E5 users in your organization, their corresponding audit records are retained for 90 days. from: https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide