Hi @Morales, Emma L STF (CTR)
You could use the following code:
Search-UnifiedAuditLog -EndDate (Get-Date) -StartDate (Get-Date).AddDays(-90) -Operations "GroupAdded","GroupRemoved" | export-csv c:\AuditReport.csv
You could add the cmdlet into "Operations" such as "AddedToGroup","GroupRemoved" as your own need, you could refer to this article to find the cmdlet:
https://learn.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide#site-permissions-activities
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.