Microsoft Increases Audit Storage Period for Office 365 E5 (But Still Struggling with a Truncation Problem)

Microsoft has updated its retention period for Office audit records from 90 to 365 days, but only for accounts with Office 365 E5 licenses. On another front, the problem with truncated audit records for Azure Active Directory events still persists.

Office 365 Audit Records Truncated for Azure Active Directory Events

A demo to show how easy it is to use PowerShell to manage Office 365 Groups and Teams was progressing nicely at the UK Evolve conference when a problem happened with code that used to run perfectly. Sounds like a normal programming situation, but in this case, Microsoft had changed the format of Office 365 audit records for Azure Active Directory operations. That’s not so good. What’s worse is that some essential data is now missing from the audit records.

What that BOXServiceAccount Does in Office 365

Records featuring an account called BOXServiceAccount appear in the Office 365 audit log. Not much information is available about the account, but it’s all OK because it’s used to assign administrative roles to Office 365 accounts.

Verifying Office 365 Administrator Access to User Data

Office 365 tenant administrators can use different ways to access user data. Shouldn’t you have a policy to govern that access?