Forum Discussion
Downloading mass of Unified Audit Logs (UAL) data
Hi, I work in data forensics. We often need to download months of UAL data from customers' Office 365 environment to analyze incidents. For example, I recently had to download 3 months of data, w...
Exchange Remote PowerShell is definitely not the best tool to work with such amounts of data.
Take a look at the Management activity APIs instead: https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference
- Vasil, the management activity API's are generally not suited to forensics because they are limited to retrieving data that's no more than 7 days old. Per the documentation linked above, the start time and end date query parameters must conform to the following:
"Both must be specified (or both omitted) and they must be no more than 24 hours apart, with the start time no more than 7 days in the past." VasilMichevThis will not work for us as it would require too much setup plus we cannot predict which of our customers have Active Directory LDAP, Azure Active Directory (AAD) or neither.
