Let's break this down step by step based on Microsoft Entra's sign-in log retention policies as outlined in Microsoft Identity and Access Administrator documentation.
* Understanding Microsoft Entra Sign-In Logs and Licensing:
* Microsoft Entra ID (formerly Azure Active Directory) provides sign-in logs as part of its auditing and reporting capabilities. These logs track user and application sign-in activities, which are critical for security monitoring and compliance.
* The question specifies that the tenant has a Microsoft Entra ID P1 license. Licensing is a key factor in determining the retention period for sign-in logs in Microsoft Entra.
* Retention Period Based on License Tier:
* Microsoft Entra ID has different editions: Free, P1, and P2. Each edition offers different capabilities and retention periods for audit and sign-in logs.
* Free Tier:The Free edition of Microsoft Entra ID retains sign-in logs for7 days.
* P1 Tier:With a Microsoft Entra ID P1 license (as mentioned in the question), sign-in logs are retained for30 days. This is a standard feature of the P1 license, which provides enhanced security and monitoring capabilities compared to the Free tier.
* P2 Tier:The P2 license also retains sign-in logs for30 days, but it includes additional features like risk-based conditional access and identity protection, which are not relevant to the retention period.
* Analysis of the Options:
* A. 14 days:This is incorrect. Microsoft Entra ID does not have a 14-day retention period for sign- in logs under any license tier. This might be confused with other types of logs or services, but it does not apply here.
* B. 30 days:This is correct. As stated, with a P1 license, Microsoft Entra retains sign-in logs for
30 days.
* C. 90 days:This is incorrect. Microsoft Entra ID does not retain sign-in logs for 90 days, even with a P1 or P2 license. To retain logs for longer periods (e.g., 90 days or more), you would need to export the logs to a storage solution like Azure Monitor Logs or a SIEM system (e.g., Microsoft Sentinel), which allows for custom retention periods.
* D. 365 days:This is incorrect for the same reason as option C. Microsoft Entra ID's default retention for sign-in logs is 30 days with a P1 or P2 license. Achieving a 365-day retention would require exporting logs to an external storage solution.
* Additional Considerations:
* If the tenant integrates Microsoft Entra logs with Azure Monitor or Microsoft Sentinel, the retention period can be extended based on the configuration of those services. However, the question specifically asks about Microsoft Entra's default retention, not an extended retention through integration.
* The retention period for audit logs (which track changes to the directory, like user or group modifications) also follows the same pattern: 7 days for Free, 30 days for P1/P2. However, this question is about sign-in logs, not audit logs.
* Conclusion:Given that the tenant has a Microsoft Entra ID P1 license, the sign-in logs are retained for
30 days. Therefore, the correct answer isB.
References:
Microsoft Entra ID documentation: "Audit and sign-in logs retention" (Microsoft Learn:https://learn.microsoft.
com/en-us/entra/identity/monitoring-health/concept-audit-sign-in-logs#how-long-are-logs-retained) Microsoft Entra ID P1 and P2 feature comparison: "Editions of Microsoft Entra ID" (Microsoft Learn:
https://learn.microsoft.com/en-us/entra/fundamentals/licensing)
Microsoft Identity and Access Administrator (SC-300) exam study guide, which covers monitoring and reporting capabilities, including log retention periods.