New Blog | Introducing the Microsoft Purview Audit Search Graph API


By Arish Ojaswi


Microsoft Purview Audit provides an integrated solution to help organizations effectively respond to security incidents, forensic investigations, internal investigations, and compliance obligations.


Thousands of user and admin operations performed in dozens of Microsoft 365 services and solutions are captured, recorded, and retained in your organization's unified audit log. Audit records for these events are searchable by security ops, IT admins, insider risk teams, and compliance and legal investigators in your organization. This capability provides visibility into the activities performed across your Microsoft 365 organization.


Today, we are excited to announce the upcoming launch of the Microsoft Purview Audit Search Graph API, a new capability that is currently in Public Preview and will be Generally Available by June 2024. With this release, Microsoft Purview Audit will offer a new API available through Microsoft Graph to programmatically search and retrieve relevant audit logs with improvements in search completeness, reliability, and performance. This API serves as an improved alternative to the existing PowerShell cmdlet, Search-UnifiedAuditLog.


What are the advantages of using this new API over the existing Search-UnifiedAuditLog cmdlet?

Microsoft Graph offers a single endpoint to provide access to rich data and insights across the Microsoft ecosystem. The Microsoft Audit Search Graph API is designed to provide a more efficient and reliable way to search audit logs, making it easier for customers and partners to monitor and investigate security incidents. With this new feature, users can expect faster search times, more complete search results, and a more robust and reliable search experience.

Highlights of the API with improvements over the existing Search-UnifiedAuditLog cmdlet are listed below:

  1. The API offers an asynchronous Audit search experience with support for automation – accessible by both users and applications
  2. A more reliable Audit search experience with fewer timeouts and improved search completeness
  3. New granular permissions have been introduced for the Audit workloads (Exchange, Entra, OneDrive, SPO, Intune, CRM) which allow you to grant workload-scoped access to your security admins for the very first time
  4. Ability to programmatically filter Audit logs using 10 parameters with 4 new filter options to be added soon


Read the full post here: Introducing the Microsoft Purview Audit Search Graph API
