I have a SBX provisioned specifically for Shield (includes encryption, event monitoring, privacy center, and field audit trail) and I cannot find anywhere in Setup to enable Field Audit Trail. I'm also confused about where to configure the retention policies. I have read through the Security Implementation Guide and the FAT Implementation guide but I have not found any step-by-step instructions.
The Field Audit Trail Implementation Guide is probably your best resource.
Once purchased, the FieldHistoryArchive big object is created automatically, with the archive period set to 18 months by default (this is when records are moved from the _History tables to the FieldHistoryArchive), and records are retained in the FieldHistoryArchive indefinitely (that is, until you manually delete them).
IMO, Field Audit Trail still needs a lot of work. There's no UI to configure it, you have to retrieve/deploy metadata files. This is where some vendor products like RevCult have solutions to make things easier, but it's a gap that Salesforce should address. Searching and retrieving records from big objects is also quite challenging due to the limitations and constraints imposed on big objects.
Basically, Field Audit Trail provides just enough functionality to allow you to check a box for compliance reasons, but considerable work and additional tools are probably needed in order to make the data more consumable.
