customSecurityAttributeAudit resource type
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents a custom security attribute audit log.
Inherits from entity.
Methods
| Method | Return type | Description |
|---|---|---|
| List | customSecurityAttributeAudit collection | List the custom security attribute audit items in the collection and their properties. |
| Get | customSecurityAttributeAudit | Get a specific custom security attribute audit item and its properties. |
Properties
| Property | Type | Description |
|---|---|---|
| activityDateTime | DateTimeOffset | Indicates the date and time the activity was performed. The Timestamp type is always in UTC time. For example, midnight UTC on Jan 1, 2024 is 2024-01-01T00:00:00Z. Supports $filter (eq, ge, le). |
| activityDisplayName | String | Indicates the activity name or the operation name. For example: "Add custom security attribute definition in an attribute set" or "Update attribute values assigned to a user." For a list of activities logged, refer to Microsoft Entra audit log categories and activities. Supports $filter (eq, startswith). |
| additionalDetails | keyValue collection | Indicates additional details on the activity. |
| category | String | Indicates the resource category that's targeted by the activity. Custom security attribute activities are logged in a single category: AttributeManagement. |
| correlationId | String | Indicates a unique ID that helps correlate activities that span across various services. Can be used to trace logs across services. |
| id | String | Indicates the unique ID for the activity. Inherited from entity. |
| initiatedBy | auditActivityInitiator | Indicates information about the user or app initiated the activity. Supports $filter (eq) for user/id, user/displayName, user/userPrincipalName, app/appId, app/displayName; and $filter (startswith) for user/userPrincipalName. |
| loggedByService | String | Indicates information on which service initiated the activity. For example: Core Directory. Supports $filter (eq). |
| operationType | String | Indicates the type of operation that was performed. The possible values include but aren't limited to the following: Add, Assign, Update, Unassign, and Delete. |
| result | operationResult | Indicates the result of the activity. The possible values are: success, failure, timeout, unknownFutureValue. |
| resultReason | String | Indicates the reason for failure if the result is failure or timeout. |
| targetResources | targetResource collection | Indicates information on which resource was changed due to the activity. The target resource type can be User, App, or Other. Supports $filter (eq) for id and displayName; and $filter (startswith) for displayName. |
| userAgent | String | Type of user agent used by a user in the activity. |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.customSecurityAttributeAudit",
"id": "String (identifier)",
"category": "String",
"correlationId": "String",
"result": "String",
"resultReason": "String",
"activityDisplayName": "String",
"activityDateTime": "String (timestamp)",
"loggedByService": "String",
"operationType": "String",
"initiatedBy": {
"@odata.type": "microsoft.graph.auditActivityInitiator"
},
"targetResources": [
{
"@odata.type": "microsoft.graph.targetResource"
}
],
"userAgent": "String",
"additionalDetails": [
{
"@odata.type": "microsoft.graph.keyValue"
}
]
}