Free Microsoft SC-401 Actual Exam Questions - Question 13 Discussion
You are implementing insider risk management.
You need to maximize the amount of historical data that is collected when an event is triggered.
What is the maximum number of days that historical data can be collected?
Probably B, since triggered events usually keep 60 days max even with E5.
C imo, since advanced audit might boost data retention up to 90 days.
Actually, B sounds more accurate here since 60 days fits the typical retention for triggered insider risk events. Longer periods usually involve different logs or compliance data, not the triggered event history itself.
Maybe C here. I know 90 days is a common retention period for a lot of Microsoft 365 compliance features, so it feels like a reasonable ceiling for insider risk historical data too. The 180 days seems a bit high for triggered event data, which tends to have stricter limits. So 90 days might be the max window they allow for looking back once an insider risk event pops up.
B tbh, I think 60 days is the max for historical data in insider risk management. The longer periods usually apply to audit logs rather than triggered event data specifically.
Maybe C since 90 days is common for compliance data retention.
D. Anyone else know if historical data includes both user activity and communication events? That might affect the limit.