PowerShell scripts for Security and Compliance Logs
The unified audit log in the Microsoft 365 Security and Compliance Center contains events from Exchange Online, Azure Active Directory, OneDrive for Business, Microsoft Teams, Power BI, and other Microsoft 365 services. To search the contents of the administrator audit log, run the Search-AdminAuditLog cmdlet.
Admin activities report
Search-AdminAuditLog
[-Cmdlets <MultiValuedProperty>]
[-DomainController <Fqdn>]
[-EndDate <ExDateTime>]
[-IsSuccess <$true | $false>]
[-ObjectIds <MultiValuedProperty>]
[-Parameters <MultiValuedProperty>]
[-ResultSize <Int32>]
[-StartDate <ExDateTime>]
[-StartIndex <Int32>]
[-UserIds <MultiValuedProperty>]
[-ExternalAccess <$true | $false>]
[<CommonParameters>]
If you run the Search-AdminAuditLog cmdlet without any parameters, up to 1,000 log entries will be returned by default.
Search-AdminAuditLog -Cmdlets New-RoleGroup, New-ManagementRoleAssignment
This script finds all the admin audit log entries that contain either the New-RoleGroup or the New-ManagementRoleAssignment cmdlet.
Search-AdminAuditLog -Cmdlets Set-Mailbox -Parameters UseDatabaseQuotaDefaults, ProhibitSendReceiveQuota, ProhibitSendQuota -StartDate 01/24/2019 -EndDate 02/12/2019 -IsSuccess $true
This script finds all the admin audit log entries that match the following criteria:
- Cmdlets: Set-Mailbox
- Parameters: UseDatabaseQuotaDefaults, ProhibitSendReceiveQuota, ProhibitSendQuota
- StartDate: 01/24/2019
- EndDate: 02/12/2019
- IsSuccess: $true
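The following is an added example, not code from the original page or from Microsoft. It builds on the first search above: it pages past the default 1,000-entry limit with -ResultSize and -StartIndex, then flattens each entry into a CSV row for review. It assumes a connected Exchange Online PowerShell session and that -StartIndex is zero-based; the function names, output file name and sample entries are constructed for illustration.

```powershell
# Added example. Live data needs a connected Exchange Online PowerShell session;
# without one, constructed sample entries are used so the script still runs.
function Get-AdminAuditPaged {
    param([string[]]$Cmdlets, [datetime]$StartDate, [datetime]$EndDate, [int]$PageSize = 1000)
    $index = 0   # assumption: -StartIndex is zero-based
    do {
        # -ResultSize with -StartIndex walks past the default 1,000-entry limit.
        $page = @(Search-AdminAuditLog -Cmdlets $Cmdlets -StartDate $StartDate `
                -EndDate $EndDate -ResultSize $PageSize -StartIndex $index)
        $page
        $index += $page.Count
    } while ($page.Count -eq $PageSize)
}

function ConvertTo-AuditRow {
    param([Parameter(ValueFromPipeline = $true)]$Entry)
    process {
        # Flatten the Name/Value parameter collection so each entry fits one CSV row.
        $params = $Entry.CmdletParameters | Where-Object { $_ } |
            ForEach-Object { '{0}={1}' -f $_.Name, $_.Value }
        [pscustomobject]@{
            RunDate        = $Entry.RunDate
            Caller         = $Entry.Caller
            Cmdlet         = $Entry.CmdletName
            ObjectModified = $Entry.ObjectModified
            Succeeded      = $Entry.Succeeded
            ExternalAccess = $Entry.ExternalAccess
            Parameters     = $params -join '; '
        }
    }
}

if (Get-Command Search-AdminAuditLog -ErrorAction SilentlyContinue) {
    $entries = Get-AdminAuditPaged -Cmdlets 'New-RoleGroup', 'New-ManagementRoleAssignment' `
        -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date)
} else {
    # Constructed sample entries (not real log data), shaped like the cmdlet's output.
    $p = { param($n, $v) [pscustomobject]@{ Name = $n; Value = $v } }
    $entries = @(
        [pscustomobject]@{ RunDate = [datetime]'2019-02-01T09:15:00'; Caller = 'admin1@contoso.example'
            CmdletName = 'New-RoleGroup'; ObjectModified = 'Helpdesk Tier 2'; Succeeded = $true
            ExternalAccess = $false; CmdletParameters = @((& $p 'Name' 'Helpdesk Tier 2'), (& $p 'Roles' 'Mail Recipients')) }
        [pscustomobject]@{ RunDate = [datetime]'2019-02-03T22:40:00'; Caller = 'admin2@contoso.example'
            CmdletName = 'New-ManagementRoleAssignment'; ObjectModified = 'Role Management-svc'; Succeeded = $true
            ExternalAccess = $false; CmdletParameters = @((& $p 'Role' 'Role Management'), (& $p 'User' 'svc')) }
    )
}
$rows = $entries | ConvertTo-AuditRow | Sort-Object RunDate
$rows | Export-Csv -Path .\role-changes.csv -NoTypeInformation
# Summarize who created role groups or role assignments, and how often.
$rows | Group-Object Caller | Sort-Object Count -Descending | Select-Object Count, Name
```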
Auditing with M365 Manager Plus
One-click access to audit reports: Instead of poring over the entire log or fiddling with the filter options in the Microsoft 365 Security and Compliance Center, you can create audit reports and view all the audit data you need in a single click.
Advanced filtering: In the Microsoft 365 Security and Compliance Center, you can only filter logs based on certain attribute values. With M365 Manager Plus, you can filter your logs based on any attribute, and perform multi-valued searches as needed.
Custom views: While Microsoft 365 doesn't support custom views, you can create your own custom views with M365 Manager Plus to see filtered data, summarized data, or filtered, summarized data.
Graphical view: M365 Manager Plus' audit reports present audit data in graph format, so you can quickly and easily see what's happening in your Microsoft 365 environment.
Export data: Using native Microsoft 365 tools, you can only export data to a CSV file. But in M365 Manager Plus, you can export audit data in PDF, XLSX, HTML, or CSV formats.