This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 65%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJE%3C/text%3E%3C/svg%3E)
Is there a way on how I can show the logs from access package into my web application?
Hi @Jizeth Esperanzate , what kind of logs are you looking to export? You can download user reports by following this document. I'm not sure if that's entirely what you're looking for though. Please let me know and I can assist you further.
Best,
James
I want to keep track of all the Access Packages requests made through my application so that support and troubleshooting can be made easier. I saw that there's an Audit Logs in the Identity Governance, is there a way that I can get these data by using MS graph API? or what other way can I show these data from my web application?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
@Jizeth Esperanzate , You should be able to get the data you see in the screenshot by downloading the audit logs. We have graph API for downloading the directory audits and that should contain this data. It might be possible that since most of the API features related to Entitlement management are only available in the Beta version of the API so the data for entitlement management operations may not be obtained using the v1 API and you only get it in the audit logs with beta graph API .
You can surely download the audit reports using the directory auditlogs functions within Microsoft Graph API . The following is a PowerShell script I had written earlier for downloading the logs.
$ClientID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" # You need to register this using app registration section on the Azure AD portal.
$ClientSecret = "_xxxxxxxx_xxxxxxxxxxxxx._xxxxxxx~" # The client secret generated for the above application ID
$loginURL = "https://login.microsoftonline.com/"
$tName = "xxxxxxxx.onmicrosoft.com" # Your tenant name , for example :- contoso.onmicrosoft.com
$res = "https://graph.microsoft.com/"
$Logfile = "./azure.log" # Just for debugging purposes
Function LogWrite
{
Param ([string]$logstring)
Add-content $Logfile -value ((get-date).toString() + " " + $logstring)
}
$fromdate= "{0:s}" -f (get-date).AddHours(-12).ToUniversalTime() + "Z"
$filedate= "{0:s}" -f (get-date).AddHours(0).AddSeconds(-(get-date).Second).ToUniversalTime() + "Z"
$filedate=$filedate.Replace(':', '-')
$todate= "{0:s}" -f (get-date).ToUniversalTime() + "Z"
$body = @{grant_type="client_credentials";resource=$res;client_id=$ClientID;client_secret=$ClientSecret}
$oauth = Invoke-RestMethod -Method Post -Uri $loginURL/$tName/oauth2/token?api-version=1.0 -Body $body
$url = "https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?$filter=start/dateTime ge $fromDate and end/dateTime le $toDate"
Do{
if ($oauth.access_token -ne $null)
{
$headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}
LogWrite("Fetching data using Uri: $url. from: $fromdate, to:$todate")
$myReport = (Invoke-WebRequest -UseBasicParsing -Headers $headerParams -Uri $url)
$json = $myReport.Content | convertfrom-json
$output2 = $json.value | Export-Csv ./json-$filedate.csv -NoTypeInformation -Append # output of json
$json.value | Select-Object -Property @{Name = "Directory Event id"; Expression ={ $_.id}},correlationId,@{Name = "Timestamp"; Expression ={ $_.createdDateTime}},@{Name = "User"; Expression ={ $_.userDisplayName}},@{Name = "UPN"; Expression ={ $_.userPrincipalName}},@{Name = "UserID"; Expression ={ $_.userId}},@{Name = "AAD Internal App"; Expression ={ $_.appDisplayName}},@{Name = "Application ID"; Expression ={ $_.appid}},@{Name = "Ip Address"; Expression ={ $_.ipAddress}},@{Name = "City"; Expression ={ $_.location.city}},@{Name = "State"; Expression ={ $_.location.state}},@{Name = "Country"; Expression ={ $_.location.countryOrRegion}},@{Name = " Applied CA policies"; Expression ={ $_.appliedConditionalAccessPolicies}},@{Name = "User-side App"; Expression ={ $_.clientAppUsed}},@{Name = "Resrouce Called"; Expression ={ $_.resourceDisplayName}},@{Name = "Resrouce Id"; Expression ={ $_.resourceId}},@{Name = "Error Code"; Expression ={ $_.status.errorCode}},@{Name = "Failure Reason"; Expression ={ $_.status.failureReason}},@{Name = "Failure Details"; Expression ={ $_.status.additionalDetails}},@{Name = "Device ID"; Expression ={ $_.deviceDetail.deviceId}},@{Name = "Device Name"; Expression ={ $_.deviceDetail.displayName}},@{Name = "OS Name"; Expression ={ $_.deviceDetail.operatingSystem}},@{Name = "Browser"; Expression ={ $_.deviceDetail.browser}},@{Name = "Intune Compliance"; Expression ={ $_.deviceDetail.isCompliant}},@{Name = "Intune Managed"; Expression ={ $_.deviceDetail.isManaged}},@{Name = "Device Trust Type"; Expression ={ $_.deviceDetail.trustType}} | Export-Csv ./Audit-$filedate.csv -NoTypeInformation -Append
$url = ($myReport.Content | ConvertFrom-Json).'@odata.nextLink'
LogWrite("New URL: $url")
}
else {
LogWrite("ERROR: No Access Token. trying to get new access_token")
$oauth = Invoke-RestMethod -Method Post -Uri $loginURL/$tName/oauth2/token?api-version=1.0 -Body $body
LogWrite("token: $oauth")
}
}
While($url -ne $null)
In the $url Section (line number 20) you can either call the GA v1 endpoint https://graph.microsoft.com/v1.0/auditLogs/directoryAudits or the beta endpoint . https://graph.microsoft.com/beta/auditLogs/directoryAudits
You should be able to get the data you see in the screenshot by downloading the audit logs. We have graph API for downloading the directory audits and that should contain this data. However I am not sure if that is available in by querying the Audit logs using v1 graph API because the entitlement management API calls are only available in the Microsoft Graph beta version currently . It might be possible that since most of the API features related to Entitlement management are only available in the Beta version]3 of the API so the data for entitlement management operations may not be obtained using the v1 API for directory Audits and you only get it in the audit logs with beta graph API .
However we do not recommend using Beta API in production as its subject to change without notice. If you are building this web application for your client's production environment , then we would recommend against it as it can change anytime in future. But if it is for a non-critical lab project , please feel free to explore and try the same. Hope the information provided in the post is helpful . Should you have any other query , feel free to let us know and we will be happy to help .
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Thanks @Shashi Shailaj for your answer!
I have tried using this endpoint https://graph.microsoft.com/v1.0/auditLogs/directoryAudits to obtain the audit logs and I can see the logs for Enablement Management even it is in v1. Although, I get all the audit logs in Azure Active Directory.
Is there a way that I can filter only the logs with category='EnablementManagement'? I got this error when I try to filter my request https://graph.microsoft.com/v1.0/auditLogs/directoryAudits$filter=(category, "EntitlementManagement')
Error:
{
"error": {
"code": "BadRequest",
"message": "Resource not found for the segment 'directoryAudits$filter='.",
"innerError": {
"date": "2021-08-04T07:22:09",
"request-id": "683f2200-82fa-49e7-85b2-79e6a4eaea3e",
"client-request-id": "0c8eed06-17a9-d9b4-3945-0fdb4f8d8d98"
}
}