Skip to Content

MC343059: Change in Activity Log experience for activities older than 30 days

Updated April 26, 2022: We have updated this post to ensure visibility. The content below has not changed.

Microsoft Defender for Cloud Apps is making some changes to the Activity Log experience to align with Microsoft 365 Defender for upcoming unified investigation and hunting experiences. Activity log queries will apply to activities logged in the last 30 days.

Note: All activities will continue to be retained for 180 days.

MC343059: Change in Activity Log experience for activities older than 30 days

When will this happen

On April 1, 2022, Activity Log existing filters will query all activities logged in the last 30 days.

How this will affect your organization

To query older activities, you should navigate to Activity Log and click on “Investigate 6 months back” on the top right-hand corner of the screen. From there you will define the filters as normally done with Activity Log.

The following filters will be supported:

  • Username
  • Activity type
  • IP address
  • Application
  • Location
  • Activity ID

The supported operators are equal, not equal. Other filters and operators will not be available when defining a query for activities older than 30 days.

In addition to the changes in the Activity Log there will be a change in the Activities API – which will return only activities from the past 30 days.

What you need to do to prepare

For additional information, refer to the product documentation (documentation will be updated on April 1 upon rollout).

Learn more

Message ID: MC343059
Published: 14 March 2022
Updated: 26 April 2022

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.