Flow logs are the source of truth for all network activity in your cloud environment. To enable analysis in security event that was detected late, you need to have the logs available.
Setting an retention policy will help ensure as much information is available for review.
Not enabling retention or having short expiry on flow logs could lead to compromise being undetected limiting time for analysis
Ensure flow log retention is turned on with an expiry of >90 days
The following example will fail the azure-network-retention-policy-set check.
The following example will pass the azure-network-retention-policy-set check.