View Power Automate audit logs
Access the logs
Sign into the Microsoft Purview compliance portal as a tenant admin.
In the left hamburger menu, select Show all.
Select Audit from the Solutions category.
Power Platform admins can search the Audit screen for details from the following popular services.
- Power BI
- Azure AD
- Microsoft Teams
- Dynamics 365
- Power Apps,
- Power Automate
Admins can filter for specific activities via the Activities list. You'll find the Power Automate activities in this list.
See audited events
All logging is done at the SDK layer, so a single action can trigger multiple logged events. Here's a list of the user events that you can audit.
|Flows||Created flow||The time when a flow is created|
|Flows||Edited flow||Any updates made to the flow|
|Flows||Deleted flow||When the flow is deleted|
|Flow permissions||Edited permissions||Every time a user's permissions to a flow changes, for example, when a user is added as co-owner.|
|Flow permissions||Deleted permissions||Every time a user's permissions to the flow is removed|
|Trials||Started a paid trial||When a user starts a paid trial|
|Trials||Renewed a paid trial||When a user renews a paid trial|
Get details on base schema for logging
Schemas define the Power Automate fields that are sent to the Microsoft Purview compliance portal. Some fields are common to all applications that send audit data to Microsoft 365, while others are specific to Power Automate. The base schema contains these common fields.
|Field display name||Logical name||Type||Mandatory||Description|
|Date||CreationTime||Edm.Date||No||Date and time when the log was generated in UTC|
|Flow details||FlowDetailsUrl||Edm. String||No||Link to the flow’s details page|
|IP address||ClientIP||Edm.String||No||IP address of the user’s device|
|ID||ID||Edm.Guid||No||A unique GUID for every row logged|
|Result status||ResultStatus||Edm.String||No||Status of the row logged|
|Organization ID||OrganizationId||Edm.Guid||Yes||A unique identifier of the organization from which the log was generated|
|Operation||Operation||Edm.String||No||Name of an operation|
|Workload||Workload||Edm.String||No||Workload of an operation|
|User||UserKey||Edm.String||No||A unique identifier of the user in Azure AD|
|User type||UserType||Edm.String||No||The audit type (admin, regular, or system)|
|Flow connector names||FlowConnectorNames||Edm.String||No||Connector names listed in the flow|
|SharingPermission||SharingPermission||Edm.String||No||Type of permission shared with another user (3 = “Owner”/ReadWrite, 2 = "Run-only user"/Read)|
|Recipient UPN||RecipientUPN||Edm.String||No||If permission was updated, shows the UPN of the permission recipient|
|LicenseDisplayName||LicenseDisplayName||Edm.String||No||Display name of the license|
|UserTypeInititated||UserTypeInititated||Edm.Int32||No||Which type of user initiated the operation - applicable for delete flow, edit permissions (1 = user, 2 = admin)|
|UserUPN||UserUPN||Edm.String||No||Unique ID of the user. Always equivalent to UserKey|
|Additional info||More information, for example, the environment name)|
Microsoft retains the audit data for 90 days. You can export the audit data in .csv format and then further explore the data with Microsoft Excel or Power BI.
Events become available in the logs within 90 minutes of their occurrence.
Only activity from cloud flows is available in the Microsoft Purview compliance portal. Activity for desktop flows is in the Microsoft Dataverse audit logs.