The 180-Day Cliff: Why Microsoft Deletes Your Analytics and What To Do About It

If you run a SharePoint and Teams usage report from the Microsoft 365 admin center today, the oldest data you can pull is from roughly six months ago. That is not a configuration limitation - it is a hard ceiling enforced at the API level. The Microsoft Graph API supports period parameters of D7, D30, D90, and D180. That is it. There is no D365. There is no "all time."

For most organizations, this is an inconvenience. For regulated industries, it is a compliance failure waiting to happen.

HIPAA requires that audit records and access logs be retained for six years. SOX mandates seven years for financial records and related audit data. PCI DSS requires twelve months of audit trail history with at least three months immediately accessible. ISO 27001 recommends a minimum of twelve months. Every one of these regulations exceeds what Microsoft provides natively.

The partial workarounds that Microsoft offers do not close the gap. Microsoft 365 Usage Analytics provides twelve months of rolling monthly aggregates - but with no daily granularity and a five to eight day latency. Viva Insights retains behavioral data for thirteen to twenty-seven months, but it covers meeting time and collaboration patterns, not SharePoint site usage or Teams channel activity.

The solution is straightforward in concept: capture the data before it expires. A daily Python Azure Function running on a timer trigger calls the Graph API usage report endpoints, parses the JSON response, and writes the results to Azure SQL Serverless within your own subscription. The data volume is modest - roughly 500MB to 1GB per year for a medium-sized organization. Azure SQL Serverless auto-pauses during idle periods, keeping monthly costs under $30.

The technical implementation requires an Azure Function App on the Flex Consumption plan, an Entra ID app registration with Reports.Read.All permission, a certificate stored in Azure Key Vault for authentication, and an Azure SQL Serverless database. The official Microsoft Graph Python SDK handles token acquisition, request construction, pagination, and throttling retries automatically.

The larger question is whether your organization should build this in-house or deploy a pre-built solution. In-house development is feasible for teams with Python and Azure expertise, but it requires ongoing maintenance as Microsoft changes API endpoints and authentication mechanisms. A productized deployment - like QueryNow Compass Analytics Retention - provides a tested, documented solution that deploys in under two weeks with pre-built React dashboards for immediate value.

Either way, the critical action is starting the data capture now. Every day that passes without a retention solution is a day of analytics data that is permanently lost.