Skip to Content

MC343059: Change in Activity Log experience for activities older than 30 days

Updated April 26, 2022: We have updated this post to ensure visibility. The content below has not changed.

Microsoft Defender for Cloud Apps is making some changes to the Activity Log experience to align with Microsoft 365 Defender for upcoming unified investigation and hunting experiences. Activity log queries will apply to activities logged in the last 30 days.

Note: All activities will continue to be retained for 180 days.

MC343059: Change in Activity Log experience for activities older than 30 days

When will this happen

On April 1, 2022, Activity Log existing filters will query all activities logged in the last 30 days.

How this will affect your organization

To query older activities, you should navigate to Activity Log and click on “Investigate 6 months back” on the top right-hand corner of the screen. From there you will define the filters as normally done with Activity Log.

The following filters will be supported:

  • Username
  • Activity type
  • IP address
  • Application
  • Location
  • Activity ID

The supported operators are equal, not equal. Other filters and operators will not be available when defining a query for activities older than 30 days.

In addition to the changes in the Activity Log there will be a change in the Activities API – which will return only activities from the past 30 days.

What you need to do to prepare

For additional information, refer to the product documentation (documentation will be updated on April 1 upon rollout).

Learn more

Message ID: MC343059
Published: 14 March 2022
Updated: 26 April 2022

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker