- AGENT ACTIVITY AUDIT HOW TO
- AGENT ACTIVITY AUDIT FULL
- AGENT ACTIVITY AUDIT DOWNLOAD
- AGENT ACTIVITY AUDIT WINDOWS
The value True indicates that the cmdlet was run by datacenter personnel, a datacenter service account, or a delegated administrator.įor Exchange mailbox activity, specifies whether a mailbox was accessed by a user outside your organization. The value False indicates that the cmdlet was run by someone in your organization. Possible values are SharePoint and ObjectModel.įor Exchange admin activity, specifies whether the cmdlet was run by a user in your organization, by Microsoft datacenter personnel or a datacenter service account, or by a delegated administrator. Identifies that an event occurred in SharePoint. This property is displayed only for the FileCopied and FileMoved user activities.
AGENT ACTIVITY AUDIT FULL
The combination of the values for the SiteURL, the DestinationRelativeURL, and the DestinationFileName property is the same as the value for the ObjectID property, which is the full path name for the file that was copied. The URL of the destination folder where a file is copied or moved. This property is displayed only for the FileCopied and FileMoved actions. The file extension of a file that is copied or moved. The date and time in Coordinated Universal Time (UTC) when the user performed the activity. The IP address is displayed in either an IPv4 or IPv6 address format.įor some services, the value displayed in this property might be the IP address for a trusted application (for example, Office on the web apps) calling into the service on behalf of a user and not the IP address of the device used by person who performed the activity.Īlso, for admin activity (or activity performed by a system account) for Azure Active Directory-related events, the IP address isn't logged and the value for the ClientIP property is null.Īzure Active Directory, Exchange, SharePoint The IP address of the device that was used when the activity was logged. Information about the email client that was used to perform the operation, such as a browser version, Outlook version, and mobile device information
AGENT ACTIVITY AUDIT WINDOWS
The client device, the device OS, and the device browser used for the login event (for example, Nokia Lumia 920 Windows Phone 8 IE Mobile 11). The team that the channel is located in is identified by the TeamName and TeamGuid properties. The following values indicate the type of event.ġ - Indicates an Azure application security event.
The type of Azure Active Directory event. The following values indicate the type of add-on. The type of an add-on that was added, removed, or updated in a team. The type of add-ons in Microsoft Teams is a bot, a connector, or a tab. The name of an add-on that was added, removed, or updated in a team. The user or service account that performed the action. Microsoft 365 service that has this property
AGENT ACTIVITY AUDIT HOW TO
To learn how to do this, see Export, configure, and view audit log records. This lets you sort and filter on one or more of these properties. You can use the JSON transform feature in Power Query in Excel to split the AuditData column into multiple columns so that each property has its own column. For more detailed information about these properties or about properties that may not be listed in this topic, see Management Activity API Schema.
The Office 365 service that has this property column indicates the service and type of activity (user or admin) that includes the property.
The following table describes the properties that are included (depending on the service in which an event occurs) in the multi-property AuditData column. Each of the property: value pairs in this multi-value property are separated by a comma. This column contains a multi-value property for multiple properties from the audit log record. This file contains additional information from each audit record in a column named AuditData. When your export all results for an audit log search, the raw data from the unified audit log is copied to a comma-separated value (CSV) file that is downloaded to your local computer. For more information, see Search the audit log.
AGENT ACTIVITY AUDIT DOWNLOAD
You do this by selecting Export results > Download all results on the Audit log search page. When you export the results of an audit log search from the Microsoft Purview compliance portal, you have the option to download all the results that meet your search criteria.
0 kommentar(er)
