Understanding the data processing, storage, and retention policies of Microsoft Entra ID is critical to maintaining business continuity.
Entra ID serves as a single source of truth that affects regulatory compliance, data security, cost management, and user privacy. As the single point of entry to a plethora of Microsoft services and applications, it helps organizations stay within legal boundaries, strengthens data protection, optimizes resource usage, and respects user data rights.
In this guide to Entra ID data retention, let's explore the different ways that data is collected, stored, processed, and retained across the Entra ID platform. We'll talk about the types of data retained, different retention periods across services, and ways to configure and customize data retention in Entra ID. Let's begin.
Entra ID retains several types of data, each serving a specific purpose and playing a crucial role in the overall functioning and security of the system. These include:
Sign-in data is the data generated when a user signs in to an application using Entra ID. It includes the user's ID, the application signed into, the time of sign-in, the IP address the sign-in originated from, and whether the sign-in succeeded. This data is crucial for monitoring user activity, identifying potential security threats (such as repeated failed sign-in attempts, which could indicate a brute-force attack), and troubleshooting issues related to user access.
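The detection the paragraph alludes to, repeated failed sign-ins from one address against one account, can be run over exported sign-in records. The script below is an added example written for this guide, not code from CoreView or Microsoft. The field names follow the shape of Entra ID sign-in log entries (userPrincipalName, appDisplayName, ipAddress, createdDateTime, status.errorCode, where 0 means success and 50126 is the invalid-credentials code); the records themselves are constructed for illustration.

```python
"""Flag bursts of failed sign-ins per (IP, account) pair in Entra ID-style
sign-in records. Added example; the log lines below are constructed."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.7 fails five times against alice in four
# minutes and then succeeds; bob mistypes once and then signs in normally.
SAMPLE_SIGNIN_LOG = """
{"createdDateTime":"2024-03-01T08:30:00Z","userPrincipalName":"alice@contoso.example","appDisplayName":"Office 365","ipAddress":"192.0.2.10","status":{"errorCode":0}}
{"createdDateTime":"2024-03-01T09:00:00Z","userPrincipalName":"alice@contoso.example","appDisplayName":"Office 365","ipAddress":"203.0.113.7","status":{"errorCode":50126}}
{"createdDateTime":"2024-03-01T09:01:00Z","userPrincipalName":"alice@contoso.example","appDisplayName":"Office 365","ipAddress":"203.0.113.7","status":{"errorCode":50126}}
{"createdDateTime":"2024-03-01T09:02:00Z","userPrincipalName":"alice@contoso.example","appDisplayName":"Office 365","ipAddress":"203.0.113.7","status":{"errorCode":50126}}
{"createdDateTime":"2024-03-01T09:03:00Z","userPrincipalName":"alice@contoso.example","appDisplayName":"Office 365","ipAddress":"203.0.113.7","status":{"errorCode":50126}}
{"createdDateTime":"2024-03-01T09:04:00Z","userPrincipalName":"alice@contoso.example","appDisplayName":"Office 365","ipAddress":"203.0.113.7","status":{"errorCode":50126}}
{"createdDateTime":"2024-03-01T09:05:00Z","userPrincipalName":"alice@contoso.example","appDisplayName":"Office 365","ipAddress":"203.0.113.7","status":{"errorCode":0}}
{"createdDateTime":"2024-03-01T09:10:00Z","userPrincipalName":"bob@contoso.example","appDisplayName":"Teams","ipAddress":"198.51.100.4","status":{"errorCode":50126}}
{"createdDateTime":"2024-03-01T09:11:00Z","userPrincipalName":"bob@contoso.example","appDisplayName":"Teams","ipAddress":"198.51.100.4","status":{"errorCode":0}}
"""


def parse_signin_log(text):
    """Parse one JSON object per line into dicts, adding a parsed timestamp
    and a failure flag; returned sorted by time."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["_ts"] = datetime.strptime(rec["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
        rec["_failed"] = rec.get("status", {}).get("errorCode", 0) != 0
        records.append(rec)
    return sorted(records, key=lambda r: r["_ts"])


def find_failure_bursts(records, threshold=5, window=timedelta(minutes=10)):
    """Return one finding per (ip, user) pair whose failed sign-ins reach
    `threshold` inside a sliding `window`. Each finding records whether a
    successful sign-in followed the burst, the case that needs escalation
    because the guessing may have worked."""
    by_key = defaultdict(list)
    for r in records:
        by_key[(r["ipAddress"], r["userPrincipalName"])].append(r)

    findings = []
    for (ip, user), recs in by_key.items():
        failures = [r for r in recs if r["_failed"]]
        start = 0
        for end in range(len(failures)):
            # shrink the window from the left until it spans at most `window`
            while failures[end]["_ts"] - failures[start]["_ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                last_fail = failures[end]["_ts"]
                success_after = any(
                    not r["_failed"] and r["_ts"] >= last_fail for r in recs)
                findings.append({
                    "ipAddress": ip,
                    "user": user,
                    "failures": end - start + 1,
                    "first": failures[start]["_ts"].isoformat(),
                    "last": last_fail.isoformat(),
                    "success_after": success_after,
                })
                break  # one finding per pair is enough for triage
    return findings


if __name__ == "__main__":
    for finding in find_failure_bursts(parse_signin_log(SAMPLE_SIGNIN_LOG)):
        print(finding)
```

The threshold and window are tuning knobs; the point to keep is the grouping key. Grouping by (IP, account) surfaces classic brute force, while grouping by IP alone would be the variant to use for password spraying across many accounts. Note that the data needed for either check is exactly what the default retention window limits, which is why the retention settings discussed later matter for investigations.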
Audit data is a record of system activity within Entra ID. It includes changes made to the Entra ID service, such as adding or removing users, changing user roles, and modifying application settings. Audit data is essential for tracking changes, maintaining compliance, and investigating incidents. For instance, if a user is granted elevated privileges and this leads to a security incident, the audit logs can help identify when and how the change in privileges occurred.
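The investigation the paragraph describes, reconstructing when and by whom a user's privileges changed, is a matter of replaying role-assignment events from the audit log. The script below is an added example for this guide, not CoreView's or Microsoft's code. It uses the activity names Entra ID records for directory role changes ("Add member to role", "Remove member from role") and a simplified form of the targetResources/modifiedProperties structure, in which the role name arrives as a JSON-encoded string; the records are constructed, and the helper reads the value from whichever of newValue/oldValue carries it.

```python
"""Replay Entra ID-style audit records to build a privilege timeline for one
account and answer "which roles did this user hold at time T?". Added
example; the audit lines below are constructed."""
import json
from datetime import datetime

SAMPLE_AUDIT_LOG = r"""
{"activityDateTime":"2024-03-01T10:00:00Z","activityDisplayName":"Add member to role","initiatedBy":{"user":{"userPrincipalName":"admin@contoso.example"}},"targetResources":[{"type":"User","userPrincipalName":"bob@contoso.example","modifiedProperties":[{"displayName":"Role.DisplayName","oldValue":null,"newValue":"\"User Administrator\""}]}]}
{"activityDateTime":"2024-03-03T14:20:00Z","activityDisplayName":"Add member to role","initiatedBy":{"user":{"userPrincipalName":"admin@contoso.example"}},"targetResources":[{"type":"User","userPrincipalName":"bob@contoso.example","modifiedProperties":[{"displayName":"Role.DisplayName","oldValue":null,"newValue":"\"Global Administrator\""}]}]}
{"activityDateTime":"2024-03-04T08:00:00Z","activityDisplayName":"Update user","initiatedBy":{"user":{"userPrincipalName":"admin@contoso.example"}},"targetResources":[{"type":"User","userPrincipalName":"carol@contoso.example","modifiedProperties":[{"displayName":"Department","oldValue":"\"Sales\"","newValue":"\"Finance\""}]}]}
{"activityDateTime":"2024-03-05T09:00:00Z","activityDisplayName":"Remove member from role","initiatedBy":{"user":{"userPrincipalName":"secops@contoso.example"}},"targetResources":[{"type":"User","userPrincipalName":"bob@contoso.example","modifiedProperties":[{"displayName":"Role.DisplayName","oldValue":"\"Global Administrator\"","newValue":null}]}]}
"""

ROLE_ACTIVITIES = ("Add member to role", "Remove member from role")


def parse_audit_log(text):
    """One JSON object per line, sorted by activityDateTime."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            rec = json.loads(line)
            rec["_ts"] = datetime.strptime(rec["activityDateTime"], "%Y-%m-%dT%H:%M:%SZ")
            records.append(rec)
    return sorted(records, key=lambda r: r["_ts"])


def _role_name(target):
    """Extract the role from a target's modifiedProperties; the value is a
    JSON-encoded string, present on newValue for adds and oldValue for removes
    in these constructed records."""
    for prop in target.get("modifiedProperties", []):
        if prop.get("displayName") == "Role.DisplayName":
            raw = prop.get("newValue") or prop.get("oldValue")
            return json.loads(raw) if raw else None
    return None


def privilege_timeline(records, target_upn):
    """Chronological role adds/removes that affected target_upn, each with
    the actor who initiated the change."""
    events = []
    for rec in records:
        if rec["activityDisplayName"] not in ROLE_ACTIVITIES:
            continue
        for target in rec.get("targetResources", []):
            if target.get("userPrincipalName") != target_upn:
                continue
            events.append({
                "_ts": rec["_ts"],
                "when": rec["activityDateTime"],
                "activity": rec["activityDisplayName"],
                "role": _role_name(target),
                "actor": rec.get("initiatedBy", {}).get("user", {}).get("userPrincipalName"),
            })
    return events


def roles_held_at(records, target_upn, when):
    """Set of directory roles target_upn held at datetime `when`, derived by
    replaying the timeline up to that instant."""
    held = set()
    for ev in privilege_timeline(records, target_upn):
        if ev["_ts"] > when:
            break
        if ev["activity"] == "Add member to role":
            held.add(ev["role"])
        else:
            held.discard(ev["role"])
    return held


if __name__ == "__main__":
    recs = parse_audit_log(SAMPLE_AUDIT_LOG)
    for ev in privilege_timeline(recs, "bob@contoso.example"):
        print(ev["when"], ev["activity"], ev["role"], "by", ev["actor"])
    print(roles_held_at(recs, "bob@contoso.example", datetime(2024, 3, 4)))
```

Replaying from the earliest record is only as reliable as the retention window: if the "Add member to role" event has already aged out, the replay starts from an unknown state, which is the practical reason to extend audit retention beyond the default.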
Operational data covers the operation and performance of Entra ID itself, such as service usage statistics, performance metrics, and error logs. It helps in monitoring the health and performance of Entra ID, identifying potential issues, and optimizing the service for better performance and reliability.
Entra ID has default retention periods for different types of data:
These default retention periods are designed to balance the need for historical data with the practical considerations of data storage. However, in many cases, organizations may need to retain data for longer periods, either for compliance reasons or for more in-depth analysis and reporting.
To accommodate these needs, Microsoft offers the ability to extend the retention periods for sign-in and audit data with an Entra ID P1 or P2 license. With these licenses, organizations can retain sign-in and audit data for up to 365 days. This extended retention period applies to all data in the tenant and cannot be set for individual users or groups.
It's important to note that extending the retention period may increase the costs associated with Entra ID, as pricing is often based on the volume of data stored and the length of time it's retained. Therefore, organizations should consider their specific needs and regulatory requirements when deciding on the appropriate retention period.
Entra ID uses Azure Monitor Logs to help manage data retention and archiving policies. With Azure Monitor Logs, each workspace has a default retention policy applied to all tables, but individual tables can have their own different policy. This allows for maximum flexibility in data retention and archiving. Let's take a look at a step-by-step guide to configuring data retention and archiving policies in Entra ID using Azure Monitor Logs.
With the custom policy applied, all data collected is available for monitoring, troubleshooting, and analytics during the interactive retention period, and is then archived for compliance or occasional investigation. Note that archiving is not the same as backing up: once data is archived it is immutable, meaning it cannot be modified later.
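To make the workspace-default-plus-table-override model concrete, here is an added example (not CoreView's or Microsoft's code) that resolves the effective policy per table, splits it into the interactive and archive portions described above, classifies a record's state by age, and renders the Azure CLI call that would apply a table override. The SigninLogs and AuditLogs table names are the ones Entra ID diagnostic settings write to in Log Analytics; the numeric limits and the `az monitor log-analytics workspace table update` flags (`--retention-time`, `--total-retention-time`) are assumptions taken from the Azure CLI and should be checked against current documentation before use.

```python
"""Model Azure Monitor Logs retention: a workspace default with per-table
overrides, each policy split into interactive and archive periods.
Added example; limits below are assumptions, not values from the article."""
from dataclasses import dataclass

# Assumed Log Analytics limits (verify against current Azure documentation).
MIN_INTERACTIVE_DAYS = 4
MAX_INTERACTIVE_DAYS = 730
MAX_TOTAL_DAYS = 4383  # roughly twelve years


@dataclass(frozen=True)
class RetentionPolicy:
    interactive_days: int  # queryable period in Log Analytics
    total_days: int        # interactive + archive; the archive is immutable

    def __post_init__(self):
        if not MIN_INTERACTIVE_DAYS <= self.interactive_days <= MAX_INTERACTIVE_DAYS:
            raise ValueError(f"interactive retention out of range: {self.interactive_days}")
        if not self.interactive_days <= self.total_days <= MAX_TOTAL_DAYS:
            raise ValueError(f"total retention must be >= interactive and <= {MAX_TOTAL_DAYS}")

    @property
    def archive_days(self):
        return self.total_days - self.interactive_days


class WorkspaceRetention:
    """Workspace default applied to every table unless a table is overridden."""

    def __init__(self, default: RetentionPolicy):
        self.default = default
        self.overrides = {}

    def set_table(self, table: str, policy: RetentionPolicy):
        self.overrides[table] = policy

    def effective(self, table: str) -> RetentionPolicy:
        return self.overrides.get(table, self.default)


def data_state(policy: RetentionPolicy, age_days: int) -> str:
    """Where a record of the given age lives under this policy."""
    if age_days < policy.interactive_days:
        return "interactive"   # searchable for monitoring and analytics
    if age_days < policy.total_days:
        return "archived"      # kept for compliance, restore/search job needed
    return "purged"


def az_table_update_command(resource_group, workspace, table, policy):
    """Render the CLI call that would apply `policy` to one table."""
    return (
        "az monitor log-analytics workspace table update "
        f"--resource-group {resource_group} --workspace-name {workspace} "
        f"--name {table} --retention-time {policy.interactive_days} "
        f"--total-retention-time {policy.total_days}"
    )


if __name__ == "__main__":
    ws = WorkspaceRetention(RetentionPolicy(interactive_days=30, total_days=30))
    ws.set_table("SigninLogs", RetentionPolicy(interactive_days=90, total_days=730))
    ws.set_table("AuditLogs", RetentionPolicy(interactive_days=180, total_days=2555))
    for table in ("SigninLogs", "AuditLogs", "Heartbeat"):
        pol = ws.effective(table)
        print(table, pol, "archive days:", pol.archive_days, data_state(pol, 100))
    print(az_table_update_command("rg-demo", "law-demo", "SigninLogs", ws.effective("SigninLogs")))
```

The useful check is the one in `__post_init__`: total retention can never be shorter than interactive retention, so a request to "archive for 30 days but keep searchable for 90" is a configuration error rather than a policy. Keep the interactive period long enough to cover the investigations run on sign-in and audit data, since archived data has to be restored or searched with a job before it is queryable again.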
CoreView Configuration Manager is a dynamic tool that provides automated Microsoft Office 365 configurations, including automated data retention for Entra ID. It simplifies the management of data retention policies, thereby ensuring compliance and consistency across multiple tenants.
One of the key features of Configuration Manager is its capability to back up and restore a wide variety of Entra ID configuration settings. This includes app registrations, company branding, and custom settings. With CoreView Configuration Manager, IT teams can benefit from comprehensive backups of various Entra ID components.
CoreView ensures that each time a team member makes changes to your Entra ID tenant, a backup of all your Entra ID settings and policies is stored automatically. It also generates a detailed log each time it does this, for compliance. Additionally, CoreView provides scheduled automated backups at regular intervals. This feature eliminates the need for manual periodic backups, allowing system administrators to focus on more critical tasks.
CoreView Configuration Manager is the only premium no-code solution that automates regular backup, compliance monitoring, and multi-tenant management for not just Entra ID, but a host of other applications and services in Microsoft 365. Want to learn more about how CoreView can help your IT team simplify Entra ID data management? Sign up for a free demo today!