The average time to detect a breach is up to 210 days. To ensure that all the information required for an effective investigation is available, the retention period should allow for a delayed start to the investigation.
Short-lived activity logs can lead to missing records when investigating a breach.
Set a retention period that will allow for delayed investigation.
The following example will fail the azure-monitor-activity-log-retention-set check.
The following example will pass the azure-monitor-activity-log-retention-set check.
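Both cases side by side in Terraform, as an added illustration that is not the check's own example code. It assumes the check inspects the `retention_policy` block of `azurerm_monitor_log_profile`; the 7-day and 365-day values, the resource names and the storage account ID are constructed, and 365 was chosen only because it exceeds the 210-day figure above (the page does not state the check's exact threshold).

```hcl
# Added illustration. Names, locations and the storage account ID are placeholders.
# The two resources are shown together for comparison only; a subscription
# holds a single log profile, so a real configuration would contain one of them.

# Weak setting: activity log records are discarded after 7 days, far short of
# the up-to-210-day detection window described above. Assumed to fail the check.
resource "azurerm_monitor_log_profile" "short_retention" {
  name       = "short-retention"
  categories = ["Action", "Delete", "Write"]
  locations  = ["global"]

  storage_account_id = "<storage-account-resource-id>" # placeholder

  retention_policy {
    enabled = true
    days    = 7
  }
}

# Corrected setting: records are kept for 365 days (assumed value), so they are
# still available when an investigation starts months after the initial breach.
resource "azurerm_monitor_log_profile" "long_retention" {
  name       = "long-retention"
  categories = ["Action", "Delete", "Write"]
  locations  = ["global"]

  storage_account_id = "<storage-account-resource-id>" # placeholder

  retention_policy {
    enabled = true
    days    = 365
  }
}
```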