Microsoft 365 administrators can create audit log retention policies to help them meet the organization’s compliance requirements. We will show you how to do just that in this blog post.
To create an audit log retention policy, first sign in to Microsoft 365 with your administrator account. Then, go to the Security Center. In the left navigation pane, click on Audit log.
Create a retention policy
On the Audit log search page, click on the Audit retention policies tab, as shown below.
From the Audit retention policies page click on Create audit retention policy.
In the New retention policy dialogue box, give the policy a name and description. In our case I’m creating an audit rule for Exchange Online mailbox delegation activities.
Under users, I will leave it blank to audit all users. the record type will set to ExchangeAdmin and finally in the activities option I will use added delegate mailbox permissions.
Next, click on the Save button to save your new audit log retention policy!