Audit logs for updating/deleting a user via MS Graph

metalheart 411 Reputation points
2023-04-06T14:04:13.24+00:00

I'd like to keep an audit trail of changes to user objects, such as changing their name, e-mail and extension property value, and deleting user objects, done with the MS Graph operations below:

https://learn.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http

https://learn.microsoft.com/en-us/graph/api/user-delete?view=graph-rest-1.0&tabs=http

What's the best way to do it?

I understand B2C SigninLogs and AuditLogs can be sent to a Log analytics workspace, but these operations don't seem to contain the required information.

Further, there is the MicrosoftGraphActivityLogs table in Azure Monitor that seems to cover what I need (judging by the description), but when I enable the diagnostics setting for MicrosoftGraphActivityLogs in the Azure Active Directory blade for the B2C tenant, it stays empty, which is in line with the B2C monitoring documentation that says: "Only the AuditLogs and SignInLogs diagnostic settings are currently supported for Azure AD B2C tenants."

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Microsoft Security | Microsoft Graph

1 answer

  1. Anonymous
    2023-04-06T14:18:58.1966667+00:00

    Hello metalheart,

    Thanks for reaching out!

    You can use delta query to get newly created, updated, or deleted users without having to perform a full read of the entire user collection. Please refer to the sample request:

    GET https://graph.microsoft.com/v1.0/users/delta
    

    Delta query enables applications to discover newly created, updated, or deleted entities without performing a full read of the target resource with every request. Microsoft Graph applications can use delta query to efficiently synchronize changes with a local data store.

    Please refer to the documentation for more details.

    Hope this helps.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have further questions about this answer, please click "Comment".
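
One way to turn the delta query suggested in the answer above into audit records, as an added example that is not part of the original question or answer. The pages, user IDs and token values are constructed sample data, and `collect_changes`, `fetch_page` and `known_ids` are hypothetical names; in real use `fetch_page` would be an authenticated GET against Microsoft Graph.

```python
import json
from datetime import datetime, timezone

DELTA_URL = "https://graph.microsoft.com/v1.0/users/delta"

# Constructed sample pages keyed by URL; token values are placeholders.
PAGES = {
    DELTA_URL: {
        "@odata.nextLink": DELTA_URL + "?$skiptoken=PAGE2",
        "value": [{"id": "u1", "displayName": "Alice Renamed"},
                  {"id": "u3", "displayName": "New User", "mail": "new@example.com"}],
    },
    DELTA_URL + "?$skiptoken=PAGE2": {
        "@odata.deltaLink": DELTA_URL + "?$deltatoken=NEXT",
        "value": [{"id": "u2", "@removed": {"reason": "changed"}}],
    },
}

def collect_changes(fetch_page, url, known_ids):
    """Walk one delta round; return (audit_records, delta_link_for_next_round)."""
    records, seen_pages = [], set()
    while True:
        if url in seen_pages:
            raise RuntimeError("paging loop detected: " + url)
        seen_pages.add(url)
        page = fetch_page(url)
        observed = datetime.now(timezone.utc).isoformat()
        for item in page.get("value", []):
            removed = item.get("@removed")
            if removed:
                # "changed" = soft-deleted (restorable), "deleted" = permanent
                action = "soft_deleted" if removed.get("reason") == "changed" else "hard_deleted"
                known_ids.discard(item["id"])
            else:
                action = "updated" if item["id"] in known_ids else "created"
                known_ids.add(item["id"])
            changed = {k: v for k, v in item.items() if k != "id" and not k.startswith("@")}
            records.append({"observed_at": observed, "user_id": item["id"],
                            "action": action, "changed": changed})
        if "@odata.deltaLink" in page:
            return records, page["@odata.deltaLink"]
        url = page["@odata.nextLink"]  # KeyError here means a malformed page

if __name__ == "__main__":
    recs, next_link = collect_changes(PAGES.__getitem__, DELTA_URL, {"u1", "u2"})
    for r in recs:
        print(json.dumps(r))  # in real use, append to write-once storage
    print("persist for next round:", next_link)
```

Delta responses carry the changed object's state, not the identity of the caller, so these records show what changed and when it was observed, not who made the change. The returned delta link has to be persisted between runs, otherwise the next round starts from a full read.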

