Get started with the Azure Active Directory reporting API

Azure Active Directory provides you with several reports, containing useful information such as security information and event management (SIEM) systems, audit, and business intelligence tools. By using the Microsoft Graph API for Azure AD reports, you can gain programmatic access to the data through a set of REST-based APIs. You can call these APIs from various programming languages and tools.

This article provides you with an overview of the reporting API, including ways to access it. If you run into issues, see how to get support for Azure Active Directory.

Prerequisites

To access the reporting API, with or without user intervention, you need to:

  1. Confirm your roles and licenses
  2. Register an application
  3. Grant permissions
  4. Gather configuration settings

For detailed instructions, see the prerequisites to access the Azure Active Directory reporting API.

API Endpoints

Microsoft Graph API endpoints:

  • Audit logs: https://graph.microsoft.com/v1.0/auditLogs/directoryAudits
  • Sign-in logs: https://graph.microsoft.com/v1.0/auditLogs/signIns

Programmatic access APIs:

Check out the following helpful resources for Microsoft Graph API:

APIs with Microsoft Graph Explorer

You can use the Microsoft Graph explorer to verify your sign-in and audit API data. Sign in to your account using both of the sign-in buttons in the Graph Explorer UI, and set AuditLog.Read.All and Directory.Read.All permissions for your tenant as shown.

Graph Explorer

Modify permissions UI

Use certificates to access the Azure AD reporting API

Use the Azure AD Reporting API with certificates if you plan to retrieve reporting data without user intervention.

For detailed instructions, see Get data using the Azure AD Reporting API with certificates.

Next steps