MC720778 - Microsoft Purview: Audit Search with Microsoft Graph API

Updated April 2, 2024: We have updated the rollout timeline below. Thank you for your patience.

Microsoft Graph offers a unified API endpoint for accessing data from multiple Microsoft cloud services in a single response. This feature provides a new Audit Log Query API for Microsoft Purview that enables you to create applications that programmatically query and retrieve your organization’s audit activity logs.

This message is associated with Microsoft 365 Roadmap ID 117587.

When this will happen:

Worldwide: Rollout will begin in late May 2024 (previously mid-March) and is expected to complete by early June 2024 (previously late March).

How this will affect your organization:

Admins in your organization with access to search the audit log will be able to programmatically access the audit logs through the new Audit Log Query Graph API.

What you need to do to prepare:

To access the new Audit Log Query Graph API, register your application with Microsoft Graph and add the relevant Graph permissions.

You may want to notify your users about this change and update any relevant documentation as appropriate.

Microsoft Purview Audit enables customers to centrally visualize cloud log data generated across their enterprise, thus helping them effectively respond to security events, forensic investigations, internal investigations and compliance obligations. Thousands of user and admin operations performed in dozens of Microsoft 365 services and solutions are captured, recorded, and retained in customers' unified Microsoft Purview audit logs.

Resources

• Learn about Microsoft Purview Audit
• Access to search the Audit log in Get started with auditing solutions | Microsoft Learn
• Register your application with Microsoft Graph in Use the Microsoft Graph API - Microsoft Graph | Microsoft Learn
• Learn more about Use the Microsoft Graph API - Microsoft Graph | Microsoft Learn