Forum Discussion
Audit Log, what is TokenIssuedAtTime?
I used audit log to search user delete MS Teams files, by using Recycled File and Recycled Folder, I got the log file. Why the TokenIssuedAtTime and the CreationTime are so much different? Below is ...
In Microsoft 365 audit logs, TokenIssuedAtTime denotes the point at which Azure Active Directory issued an authentication token for the user’s session. By contrast, CreationTime represents the timestamp of the specific audited activity, such as deleting or recycling a file or folder. The discrepancy between these values arises because a user may authenticate and receive a token well in advance, sometimes hours or even days before performing the action that is ultimately recorded in the audit log.