Forum Discussion
Downloading mass of Unified Audit Logs (UAL) data
Hi, I work in data forensics. We often need to download months of UAL data from customers' Office 365 environment to analyze incidents. For example, I recently had to download 3 months of data, w...
Exchange Remote PowerShell is definitely not the best tool to work with such amounts of data.
Take a look at the Management activity APIs instead: https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference
Vasil, the management activity API's are generally not suited to forensics because they are limited to retrieving data that's no more than 7 days old. Per the documentation linked above, the start time and end date query parameters must conform to the following:
"Both must be specified (or both omitted) and they must be no more than 24 hours apart, with the start time no more than 7 days in the past."
"Both must be specified (or both omitted) and they must be no more than 24 hours apart, with the start time no more than 7 days in the past."