SC-300 Exam - Question 141

https://learn.microsoft.com/en-us/entra/identity/monitoring-health/reference-reports-data-retention Risky users No limit No limit No limit Risky sign-ins 7 days 30 days 90 days Note Risky users and workload identities are not deleted until the risk has been remediated.

A. The risky sign-ins report contains filterable data for up to the past 30 days (one month) https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-investigate-risk#risky-users-report

This question is trash. No license specified and even if it did Risky User 'Activity' is retained until the end of time/resolved.

The retention period for logs of risky user activity in Microsoft Entra varies by report type and license type. For instance, the risky sign-ins report contains filterable data for up to the past 30 days. However, you can retain the audit and sign-in activity data for longer than the default retention period by routing it to an Azure storage account using Azure Monitor.

A - in Exam

Answer is 90 days. The Risk history tab also shows all the events that led to a user risk change in the last 90 days. This list includes risk detections that increased the user’s risk and admin remediation actions that lowered the user’s risk. Note: Question is not referring to Sign in risk which is 30 days. https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-investigate-risk#:~:text=The%20Risk%20history%20tab%20also%20shows%20all%20the%20events%20that%20led%20to%20a%20user%20risk%20change%20in%20the%20last%2090%20days