![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
2,605 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Hi @Anonymous Thank you for reaching out to us, As I understand you have encourtered this error "Given data uri is not formatted correctly with data uri syntax" while downloading the non-interactive sign-in logs from the Azure AD/Entra Portal.
I have seen this error in the past, it could be issue with throttling (too many requests at a given time/downloading data with larger intervals), causing this issue.
You could consider using Azure Graph API to download it with idle time period. And, you could also try downloading the data in smaller chunks. For example instead of downloading all 30 days worth of data, try downloading it in 7 day chunks or 1 day chunks etc.
There is also script available as well for the same, which you can consider - https://github.com/jasonfritts/AADReportingAPI/blob/master/MSGraphSignDownloadWithClientApp.ps1
https://github.com/jasonfritts/AADReportingAPI
The above script will require a registered application with AAD reporting permission. The application and tenant data need to be updated manually.
The main reason to use script to download the log because it will help to handle retry logical to avoid the throttling limit error.
If the your side data size is extremely large, please replace line 117 to 121 like below (increase sleep time automatically)
#{
# throttled request, wait for a few seconds and retry
#Start-Sleep -s 5
#}
{
[int] $delay = [int](($_.Exception.Response.Headers | Where-Object Key -eq 'Retry-After').Value[0])
Write-Verbose -Message "Retry Caught, delaying $delay s"
Start-Sleep -s $delay
}
Other options you can consider:
- Configure Azure AD audit\sign in logs to stream to Azure Monitor or stream to Azure Storage account and download logs from one of these services where throttling is not an issue.
- Decrease the amount of log data being downloaded from the portal by changing the time range filters to smaller increments of time.
Our team is aware of this issue, working on a fix internally, dont have specific ETA however you can consider the above options to download the logs.
Let me know if you have any further questions, feel free to post back.
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 11%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWD%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 39%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)