Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
Get-MgAuditLogDirectoryAudit
- Module:
- Microsoft.Graph.Reports Module
Get a specific Microsoft Entra audit log item. This includes an audit log item generated by various services within Microsoft Entra ID like user, application, device and group management, privileged identity management (PIM), access reviews, terms of use, identity protection, password management (self-service and admin password resets), self-service group management, and so on.
Note
To view the beta release of this cmdlet, view Get-MgBetaAuditLogDirectoryAudit
Syntax
List (Default)
Get-MgAuditLogDirectoryAudit
[-ExpandProperty <string[]>]
[-Property <string[]>]
[-Filter <string>]
[-Search <string>]
[-Skip <int>]
[-Sort <string[]>]
[-Top <int>]
[-ResponseHeadersVariable <string>]
[-Break]
[-Headers <IDictionary>]
[-HttpPipelineAppend <SendAsyncStep[]>]
[-HttpPipelinePrepend <SendAsyncStep[]>]
[-Proxy <uri>]
[-ProxyCredential <pscredential>]
[-ProxyUseDefaultCredentials]
[-PageSize <int>]
[-All]
[-CountVariable <string>]
[<CommonParameters>]
Get
Get-MgAuditLogDirectoryAudit
-DirectoryAuditId <string>
[-ExpandProperty <string[]>]
[-Property <string[]>]
[-ResponseHeadersVariable <string>]
[-Break]
[-Headers <IDictionary>]
[-HttpPipelineAppend <SendAsyncStep[]>]
[-HttpPipelinePrepend <SendAsyncStep[]>]
[-Proxy <uri>]
[-ProxyCredential <pscredential>]
[-ProxyUseDefaultCredentials]
[<CommonParameters>]
GetViaIdentity
Get-MgAuditLogDirectoryAudit
-InputObject <IReportsIdentity>
[-ExpandProperty <string[]>]
[-Property <string[]>]
[-ResponseHeadersVariable <string>]
[-Break]
[-Headers <IDictionary>]
[-HttpPipelineAppend <SendAsyncStep[]>]
[-HttpPipelinePrepend <SendAsyncStep[]>]
[-Proxy <uri>]
[-ProxyCredential <pscredential>]
[-ProxyUseDefaultCredentials]
[<CommonParameters>]
Description
Get a specific Microsoft Entra audit log item. This includes an audit log item generated by various services within Microsoft Entra ID like user, application, device and group management, privileged identity management (PIM), access reviews, terms of use, identity protection, password management (self-service and admin password resets), self-service group management, and so on.
Permissions
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | AuditLog.Read.All, Directory.Read.All, |
| Delegated (personal Microsoft account) | Not supported |
| Application | AuditLog.Read.All, Directory.Read.All, |
Examples
Example 1: Retrieve the list of audit logs
Import-Module Microsoft.Graph.Reports
Get-MgAuditLogDirectoryAudit
This example will retrieve the list of audit logs
Example 2: Retrieve the list of audit logs with a filter on initiatedBy/user
Import-Module Microsoft.Graph.Reports
Get-MgAuditLogDirectoryAudit -Filter "initiatedBy/user/id eq '00000000-0000-0000-0000-000000000000'"
This example will retrieve the list of audit logs with a filter on initiatedby/user
Parameters
-All
List all pages.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Break
Wait for .NET debugger to attach
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-CountVariable
Specifies a count of the total number of items in a collection. By default, this variable will be set in the global scope.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | CV |
Parameter sets
-DirectoryAuditId
The unique identifier of directoryAudit
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ExpandProperty
Expand related entities
Parameter properties
| Type: | System.String[] |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Expand |
Parameter sets
-Filter
Filter items by property values
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Headers
Optional headers that will be added to the request.
Parameter properties
| Type: | System.Collections.IDictionary |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-HttpPipelineAppend
SendAsync Pipeline Steps to be appended to the front of the pipeline
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-HttpPipelinePrepend
SendAsync Pipeline Steps to be prepended to the front of the pipeline
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IReportsIdentity |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-PageSize
Sets the page size of results.
Parameter properties
| Type: | System.Int32 |
| Default value: | 0 |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Property
Select properties to be returned
Parameter properties
| Type: | System.String[] |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Select |
Parameter sets
-Proxy
The URI for the proxy server to use
Parameter properties
| Type: | System.Uri |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ProxyCredential
Credentials for a proxy server to use for the remote call
Parameter properties
| Type: | System.Management.Automation.PSCredential |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ProxyUseDefaultCredentials
Use the default credentials for the proxy
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ResponseHeadersVariable
Optional Response Headers Variable.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | RHV |
Parameter sets
-Search
Search items by search phrases
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Skip
Skip the first n items
Parameter properties
| Type: | System.Int32 |
| Default value: | 0 |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Sort
Order items by property values
Parameter properties
| Type: | System.String[] |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | OrderBy |
Parameter sets
-Top
Show only the first n items
Parameter properties
| Type: | System.Int32 |
| Default value: | 0 |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Limit |
Parameter sets
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
Microsoft.Graph.PowerShell.Models.IReportsIdentity
{{ Fill in the Description }}
System.Collections.IDictionary
{{ Fill in the Description }}
Outputs
Microsoft.Graph.PowerShell.Models.IMicrosoftGraphDirectoryAudit
{{ Fill in the Description }}
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
INPUTOBJECT <IReportsIdentity>: Identity Parameter
[Date <DateTime?>]: Usage: date={date}
[DeviceManagementExportJobId <String>]: The unique identifier of deviceManagementExportJob
[DirectoryAuditId <String>]: The unique identifier of directoryAudit
[EndDateTime <DateTime?>]: Usage: endDateTime={endDateTime}
[Filter <String>]: Usage: filter='{filter}'
[GroupId <String>]: Usage: groupId='{groupId}'
[IncludedUserRoles <String>]: Usage: includedUserRoles='{includedUserRoles}'
[IncludedUserTypes <String>]: Usage: includedUserTypes='{includedUserTypes}'
[ManifestId <String>]: The unique identifier of manifest
[OperationId <String>]: The unique identifier of operation
[Period <String>]: Usage: period='{period}'
[PrintUsageByPrinterId <String>]: The unique identifier of printUsageByPrinter
[PrintUsageByUserId <String>]: The unique identifier of printUsageByUser
[PrinterId <String>]: Usage: printerId='{printerId}'
[ProvisioningObjectSummaryId <String>]: The unique identifier of provisioningObjectSummary
[SignInId <String>]: The unique identifier of signIn
[Skip <Int32?>]: Usage: skip={skip}
[SkipToken <String>]: Usage: skipToken='{skipToken}'
[StartDateTime <DateTime?>]: Usage: startDateTime={startDateTime}
[Top <Int32?>]: Usage: top={top}
[UserId <String>]: Usage: userId='{userId}'
[UserRegistrationDetailsId <String>]: The unique identifier of userRegistrationDetails