Hello, and welcome back. What we're gonna do here in this brief demonstration is walk through the process of creating an audit log retention policy. Now on the screen here I'm logged into my Microsoft 365 Admin Center, and I'm logged in as the global admin. To create an audit log retention policy. I need to go into compliance here. So we'll scroll down into compliance, now from compliance center what we do is go into audits.

Now you'll notice here in the left navigation pane we don't see audit even listed. If we click show all what this does is open up all of the different options under solutions for us. And we can see here audit becomes an option. So we'll go ahead and select audit.

Now from the audit page here we can search pre-existing audits or we can go ahead and create a new audit retention policy. So we'll go ahead and do that. And now from here, we can see we don't have any existing retention policies defined yet. So we'll go ahead and create the audit retention policy here.

Now, when we create an audit retention policy we have to provide some information. We need to provide a name for the policy, an optional description. We need to tell the policy which users and which record types it should apply to. We need to specify the duration that the data is kept and then we need to specify a priority for the policy. Now the policy name needs to be unique within my organization. And once I name this policy I can't change that name after the fact. So I'll just call this Retention1.

The description is optional and typically you would use a description just to provide more information about the policy. I am not going to worry about a description here so we'll leave this alone. And then in the user's box here, we can either specify specific users that we want this policy to apply to, or we can leave the box blank to force the policy to apply to all users. For example, if I search the box for admin we can see my admin accounts turn up. For this policy here we'll just allow it to apply to all users. And then in the record type dropdown here what we can do is specify the audit record type that this policy should apply to.

If we scroll down, we can see all kinds of record types that we can add to this policy. What we'll do for this exercise here is just select Azure Active Directory. Now once I select Azure Active Directory we are presented with a dropdown for activities. Now, the note here tells us that if we don't select specific activities the policy will apply to all activities for this selected record type in this case it would be Azure Active Directory.

If we select the dropdown here we can see we can audit user administration activities. We can audit AD group administration activities application administration activities all kinds of different administration activities. We can select one or more or all If that's what we're after. For this exercise we'll just select added, deleted, and reset user password.

So now what this policy will do is look for information regarding users added users deleted and password resets within the Azure Active Directory record type. And that'll will be applied to all users. And then down here we have the duration and duration is simply the amount of time that we want to retain the audit logs that meet the criteria of the policy we're defining here. So we'll just select 90 days.

And then lastly here we have a priority. The priority determines the order in which audit log retention policies get processed a higher number, indicates a higher priority. So for example, if we give this policy a value of 10 that means this policy would take priority over another policy with a value of say five. Now we don't have any other retention policies in our organization right now so it's really a moot point, but for this exercise, I'll just set it to 10 and we'll go ahead and save the policy. And with that, we have Retention1 created.

If we select the policy, you'll notice like I said Retention1 is no longer editable. I can't change the policy name. We can go ahead and modify the settings within the policy but we can't rename it. So we'll cancel that. And there you have it. That's how you create an audit retention policy using the compliance center.