Updated April 26, 2022: We have updated this post to ensure visibility. The content below has not changed.
Microsoft Defender for Cloud Apps is making some changes to the Activity Log experience to align with Microsoft 365 Defender for upcoming unified investigation and hunting experiences. Activity log queries will apply to activities logged in the last 30 days.
Note: All activities will continue to be retained for 180 days.
When will this happen
On April 1, 2022, Activity Log existing filters will query all activities logged in the last 30 days.
How this will affect your organization
To query older activities, you should navigate to Activity Log and click on “Investigate 6 months back” on the top right-hand corner of the screen. From there you will define the filters as normally done with Activity Log.
The following filters will be supported:
- Username
- Activity type
- IP address
- Application
- Location
- Activity ID
The supported operators are equal, not equal. Other filters and operators will not be available when defining a query for activities older than 30 days.
In addition to the changes in the Activity Log there will be a change in the Activities API – which will return only activities from the past 30 days.
What you need to do to prepare
For additional information, refer to the product documentation (documentation will be updated on April 1 upon rollout).
Learn more
- Microsoft Docs > Activities
Message ID: MC343059
Published: 14 March 2022
Updated: 26 April 2022