Logs are ingested with a delay in Graph API

Sayed Sadiq 0 Reputation points

We use MS Graph API to fetch events from other log sources into our SIEM. Basically, many events are loaded into the Graph API with a delay.

Refer: https://learn.microsoft.com/en-us/answers/questions/1192952/graph-api-event-availability-latency

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
2,103 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 79,631 Reputation points MVP

    Welcome to the cloud :) None of the audit logs are generated in real time, you can expect a delay from few minutes to up to a day, depending on the workload. In fact, Microsoft no longer publishes SLAs for those. I tried crawling some old documentation and gathered the values reported therein: https://www.michev.info/blog/post/5749/microsoft-365-azure-ad-audit-logs-and-reports-latency-data

    Needless to say, those are not officially supported SLAs and might be quite outdated by now (some sources were few years old).

    0 comments No comments