Collect Audit info for all MS domain users RRS feed

  • Question

  • Hello.
    My requirement is to develop an application in which an "admin" microsoft user is able to retrieve the activity of all users in the microsoft domain / organization.

    Example: if an user creates a file on OneDrive I should be able to either be notified via an HTTP call against my app (at a certain URL) or have my app make an API call to the Microsoft servers in order to retrieve the latest users' events.

    I created an Azure app which I can connect to my "admin" user via OAuth2.
    I then bumped into this: ...which suggests retrieving events for a single user would should be technically possible. It's not clear whether it is possible to extend this to all users in the Microsoft domain though.

    By reading MS docs I have the feeling something like this may be possible by writing a MarketPlace app, but again, I'm not sure.

    Any lead? 

    Thanks in advance.

    Tuesday, November 1, 2016 11:35 PM

All replies

  • Hi,

    You can locally develop a app, and integrate the app to Azure AD. You can audit the logs of the users who are in Azure AD and you need to have a Azure AD premium license. 

    For more information, refer this article:

    Azam Khan 

    Wednesday, November 2, 2016 1:18 PM
  • Hello and thanks for replying. This clarified things a bit.
    So I followed the doc step by step, created the app as described then tried this Python script:
    It looks authentication is successful but when I try to call the audi API I get:

    {"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"Invalid domain name in the request url."}}}

    The doc is very vague about this domain thing. 
    In my azure app I added a domain (the domain of my organization, but I couldn't verify it.
    I'm not sure why a domain is necessary, at least at this stage, as currently I'm developing locally.
    What am I supposed to do exactly?
    Thursday, November 3, 2016 2:08 PM