none
Azure Audit Graph API vs Search-UnifiedAuditLog or other

    Question

  • Doees anyone know if I should I be using the Graph API or Search-UnifiedAuditLogto retrieve logs from Azure AD and Office 365?

    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-api-audit-samples

    https://technet.microsoft.com/en-us/library/mt238501(v=exchg.160).aspx

    or any other API ?

    Many thanks

    Kev 


    kittuk

    Wednesday, March 8, 2017 12:23 PM

All replies

  • For Azure AD audit logs, you can use either, but if you want Office 365 details that are not specific to Azure AD (e.g. Exchange and SharePoint activity), you need to use Search-UnifiedAuditLog.
    Friday, March 10, 2017 8:12 AM
  • Kev,

    For now, I would use the released cmdlets.  It is worth while to check the information from time to time that you can retrieve the APIs themselves.  I would suggest posting questions on http://stackoverflow.com if you find differences or are looking for more detailed explanations of the APIs and the cmdlets.

    The key is that the APIs are all preview and are expected to change over time as issues are reported or discovered.

    Hope this helps.

    MaxV (MSFT)

    Friday, March 10, 2017 2:08 PM