
For most Microsoft products, data retention is 30 days. However, for some products it depends on whether you use the free or paid version, and some products do not allow you to change the retention period at all. To get a clear overview, I created a table with the most common Microsoft products and their retention periods.
Microsoft Log Retention
Product | Report | Minimum | Maximum | Default |
Microsoft Azure AD Free | Audit Logs | 7 days | 7 days | 7 days |
Microsoft Azure AD Free | Sign-in Logs | 7 days | 7 days | 7 days |
Microsoft Azure AD Free | Azure MFA Usage | 30 days | 30 days | 30 days |
Microsoft Azure AD Free | Users at risk | 7 days | 7 days | 7 days |
Microsoft Azure AD Free | Risky sign-ins | 7 days | 7 days | 7 days |
Microsoft Azure AD Premium | Audit Logs | 30 days | 30 days | 30 days |
Microsoft Azure AD Premium | Sign-in Logs | 30 days | 30 days | 30 days |
Microsoft Azure AD Premium | Azure MFA Usage | 30 days | 30 days | 30 days |
Microsoft Azure AD Premium P1 | Users at risk | 30 days | 30 days | 30 days |
Microsoft Azure AD Premium P1 | Risky sign-ins | 30 days | 30 days | 30 days |
Microsoft Azure AD Premium P2 | Users at risk | 90 days | 90 days | 90 days |
Microsoft Azure AD Premium P2 | Risky sign-ins | 90 days | 90 days | 90 days |
Microsoft Defender for Endpoint | Data Retention | 30 days | 180 days | 180 days |
Microsoft Cloud App Security | Activity Logs | 180 days | 180 days | 180 days |
Microsoft Cloud App Security | Discovery Data | 90 days | 90 days | 90 days |
Microsoft Cloud App Security | Alerts | 180 days | 180 days | 180 days |
Microsoft Cloud App Security | Governance Logs | 120 days | 120 days | 120 days |
Microsoft Defender for Identity | Audit Logs | 90 days | 90 days | 90 days |
Microsoft Defender for Office 365 P1 | Real-time Detections | 30 days | 30 days | 30 days |
Microsoft Defender for Office 365 P2 | Threat Explorer | 30 days | 30 days | 30 days |
Microsoft Azure Log Analytics Free | Data Retention | 30 days | 30 days | 30 days |
Microsoft Azure Log Analytics Paid | Data Retention | 30 days | 730 days | 30 days |
Microsoft Office 365 | Basic Audit Logs | 90 days | 90 days | 90 days |
Microsoft Office 365 | Advanced Audit Logs | 365 days | 365 days | 365 days |
Microsoft Office 365 | Message Trace | 90 days | 90 days | 90 days |
Conclusion
Not all products allow you to change the retention period, and for some products changing it comes at an additional cost. However, this is not always the case: when a Log Analytics workspace is attached to Sentinel, data retention is free for 90 days.
If you want to retain logs longer than the maximum period, you need to send them to a Security Information and Event Management (SIEM) solution or to an Azure Log Analytics workspace, if the product supports it.