A. The risky sign-ins report contains filterable data for up to the past 30 days (one month) https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-investigate-risk#risky-users-report

https://learn.microsoft.com/en-us/entra/identity/monitoring-health/reference-reports-data-retention Risky users No limit No limit No limit Risky sign-ins 7 days 30 days 90 days Note Risky users and workload identities are not deleted until the risk has been remediated.

This question is trash. No license specified and even if it did Risky User 'Activity' is retained until the end of time/resolved.

Answer is 90 days. The Risk history tab also shows all the events that led to a user risk change in the last 90 days. This list includes risk detections that increased the user’s risk and admin remediation actions that lowered the user’s risk. Note: Question is not referring to Sign in risk which is 30 days. https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-investigate-risk#:~:text=The%20Risk%20history%20tab%20also%20shows%20all%20the%20events%20that%20led%20to%20a%20user%20risk%20change%20in%20the%20last%2090%20days

A - in Exam

The retention period for logs of risky user activity in Microsoft Entra varies by report type and license type. For instance, the risky sign-ins report contains filterable data for up to the past 30 days. However, you can retain the audit and sign-in activity data for longer than the default retention period by routing it to an Azure storage account using Azure Monitor.