Forum Discussion
Roles required for Search-UnifiedAuditLog
- Jan 24, 2018
Hi,
You can check it with this cmdlet in Exchange Online PowerShell:
PS C:\Users\domin> Get-ManagementRoleEntry "*\Search-UnifiedAuditLog"
Name                   Role                 Parameters
----                   ----                 ----------
Search-UnifiedAuditLog View-Only Audit Logs {Debug, EndDate, ErrorAction, ErrorVariable...}
Search-UnifiedAuditLog Audit Logs           {Debug, EndDate, ErrorAction, ErrorVariable...}
You can modify the permissions via RBAC and only grab the necessary cmdlets that you will need. Both roles are the default roles in Exchange Online.
- Ruben Demey, Jan 24, 2018, Copper Contributor
Hi Dominik,
Thanks, that clarifies a lot.
I'm still getting an error that the cmdlet doesn't exist. Do I need to assign specific O365 licenses to the user for this to work? (which would be a shame)
- Jan 24, 2018
Hi Ruben,
No license is required but you need the “Exchange admin” Office 365 admin role to get all cmdlets. It could be a cloud only or synchronized identity with the proper permissions.
- Ruben Demey, Jan 24, 2018, Copper Contributor
Indeed. I created a Security role for Audit Only, and did the same in Exchange Online.
Still didn't get the cmdlet.
After adding the user to the Exchange Administrator role, it works as expected.
My only fear is, did I give too many permissions for simply an interface user that will export PowerShell logs?
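
The RBAC approach mentioned in the first reply (keeping only the cmdlets that are needed), sketched as an added example that is not part of the original thread. It assumes an already connected Exchange Online PowerShell session with rights to manage roles, and that a role-group assignment is sufficient in the tenant; the custom role name, role group name and member address are hypothetical placeholders.

```powershell
# Added example, not from the thread. All names below except the cmdlet and the
# parent role (both shown in the thread's output) are hypothetical.
$Cmdlet     = 'Search-UnifiedAuditLog'
$ParentRole = 'View-Only Audit Logs'              # read-only default role from the thread
$ChildRole  = 'Unified Audit Log Search Only'     # hypothetical custom role
$GroupName  = 'Audit Log Export Service'          # hypothetical role group
$Member     = 'svc-auditexport@contoso.example'   # placeholder export account

# 1. Confirm which roles carry the cmdlet (same check as in the thread).
Get-ManagementRoleEntry "*\$Cmdlet" | Select-Object Name, Role

# 2. Create a child of the read-only role, then strip every entry except the
#    one cmdlet the export account needs. A child role can only lose entries
#    relative to its parent, never gain them.
if (-not (Get-ManagementRole | Where-Object Name -eq $ChildRole)) {
    New-ManagementRole -Name $ChildRole -Parent $ParentRole | Out-Null
}
Get-ManagementRoleEntry "$ChildRole\*" |
    Where-Object { $_.Name -ne $Cmdlet } |
    ForEach-Object {
        Remove-ManagementRoleEntry -Identity "$ChildRole\$($_.Name)" -Confirm:$false
    }

# 3. Put the trimmed role in its own role group with the export account as
#    the only member.
if (-not (Get-RoleGroup | Where-Object Name -eq $GroupName)) {
    New-RoleGroup -Name $GroupName -Roles $ChildRole -Members $Member | Out-Null
}

# 4. Verify: the role should list a single entry, and the effective users of
#    the role should be only the export account.
Get-ManagementRoleEntry "$ChildRole\*" | Select-Object Name, Role
Get-ManagementRoleAssignment -Role $ChildRole -GetEffectiveUsers |
    Select-Object Role, RoleAssigneeName, EffectiveUserName

# 5. Review everything else the account holds, to spot broader assignments
#    that would make the trimmed role moot.
Get-ManagementRoleAssignment -RoleAssignee $Member |
    Select-Object Role, RoleAssigneeName, RoleAssignmentDelegationType
```

The account has to open a new session after the assignment changes before the cmdlet set it sees is re-evaluated.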