Hi!
So basically I am building a desktop application, which can retrieve every type of actions performed on a sharepoint site, and can be filtered to any of the actions.
I can get these logs in the microsoft compliance center on the Auditlog search page, but none of the company members will get access to the compliance portal, yet some of the members will need to see sometimes the actions of the sharepoint site.
I have an AAD Application (with every possible permission delegated to it), I want the app to communicate and get the logs via an API that Microsoft provides.
I tried these API calls to retrieve the data but there were problems in every method:
GET "https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?%24filter=activityDateTime%20ge%202023-02-01"
--200, No Sharepoint data retrieved
GET "https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?%24filter=category%20eq%20'SharePoint'%20and%20activityDateTime%20ge%202023-02-01"
--200, still no Sharepoint data retrieved
GET "https://graph.microsoft.com/v1.0/sites/site-id/items/105/activities"
--400, "Resource not found for the segment 'activities'."
GET "https://graph.microsoft.com/v1.0/reports/getSharePointActivityPages(period='D180')"
--200, Only the report headers were retrieved - propably because tenant settings/license problems
GET "https://graph.microsoft.com/v1.0/reports/getSharePointSiteUsageDetail(date=2023-02-06)"
--200, Probably the same as above
And a Powershell script, that managed to retrive all SP operations with the Management API, but it can only search back for 24 hours, I need at least 1 month.
Can someone help me out? I don't have a lot of experience working with API-s sadly.
PS Scirpt to retrieve all Sharepoint activities from the last 24 hours
$ClientID = "*******"
$ClientSecret = "********"
$tenantdomain = "********"
$TenantGUID = "**************"
$loginURL = "https://login.microsoftonline.com/"
$resource = "https://manage.office.com"
# auth
$body = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID;client_secret=$ClientSecret}
$oauth = Invoke-RestMethod -Method Post -Uri $loginURL/$tenantdomain/oauth2/token?api-version=1.0 -Body $body
$headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}
Invoke-WebRequest -Headers $headerParams -Uri "$resource/api/v1.0/$tenantGUID/activity/feed/subscriptions/start?contentType=Audit.SharePoint" -Method Post | Out-Null
#Invoke-WebRequest -Headers $headerParams -Uri "$resource/api/v1.0/$tenantGUID/activity/feed/subscriptions/list"
$response = Invoke-WebRequest -Headers $headerParams -Uri "$resource/api/v1.0/$tenantGUID/activity/feed/subscriptions/content?contentType=Audit.SharePoint"
$contents = ConvertFrom-Json $response.Content;
$result = @();
foreach($blobInfo in $contents){
$eventsResponse = Invoke-WebRequest -Headers $headerParams -Uri $blobInfo.contentUri | ConvertFrom-Json
$result += $eventsResponse | select CreationTime, Operation, UserId, ObjectId
}
Invoke-WebRequest -Headers $headerParams -Uri "$resource/api/v1.0/$tenantGUID/activity/feed/subscriptions/stop?contentType=Audit.SharePoint" -Method Post | Out-Null
$result | Out-File -FilePath "******\result.txt"