Test-ManagementActivityAPI.ps1
Test-ManagementActivityAPI.ps1 is a PowerShell script that demonstrates how to connect to and interact with the Office 365 Management API.
.\Test-ManagementActivityAPI.ps1 -Start -AppId "AppId" -TenantId "TenantId" -AppSecretKey "SecretKey"
This call will start subscribing to all audit logs. To subscribe to a specific type (e.g. audit.general), you can use the -ContentType parameter. Note that it can take up to 12 hours before any data is returned from the subscription.
.\Test-ManagementActivityAPI.ps1 -Stop -AppId "AppId" -TenantId "TenantId" -AppSecretKey "SecretKey"
The above will stop the subscription, meaning that no further logs will be collected.
.\Test-ManagementActivityAPI.ps1 -List -AppId "AppId" -TenantId "TenantId" -AppSecretKey "SecretKey"
This will list the current subscriptions.
.\Test-ManagementActivityAPI.ps1 -ListContent -AppId "AppId" -TenantId "TenantId" -AppSecretKey "SecretKey"
This will list all the content made available the previous day. You can add -RetrieveContent -SaveContentPath "c:\temp\auditdata" to download the available content and save it (each content blob will be written to its own file in the specified path).
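For reference, the REST calls behind a content listing against the Office 365 Management Activity API look like the following. This is an added example, not code from Test-ManagementActivityAPI.ps1: the function name Get-O365AuditContentList is hypothetical, and it assumes client-secret authentication against the Azure AD v2.0 token endpoint, with the secret passed as a SecureString rather than typed on the command line.

```powershell
# Added example; not part of Test-ManagementActivityAPI.ps1.
# Get-O365AuditContentList is a hypothetical helper name.
function Get-O365AuditContentList {
    param(
        [Parameter(Mandatory)] [string] $TenantId,
        [Parameter(Mandatory)] [string] $AppId,
        [Parameter(Mandatory)] [securestring] $AppSecret,
        [string] $ContentType = 'Audit.General',
        # Defaults to the previous day (UTC), like -ListContent.
        [datetime] $Date = (Get-Date).ToUniversalTime().AddDays(-1)
    )

    # Client-credentials token scoped to the Management API.
    $token = Invoke-RestMethod -Method Post `
        -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
        -Body @{
            grant_type    = 'client_credentials'
            client_id     = $AppId
            client_secret = [System.Net.NetworkCredential]::new('', $AppSecret).Password
            scope         = 'https://manage.office.com/.default'
        }
    $headers = @{ Authorization = "Bearer $($token.access_token)" }

    # startTime and endTime may be at most 24 hours apart.
    $start = $Date.Date.ToString('yyyy-MM-ddTHH:mm:ss')
    $end   = $Date.Date.AddDays(1).ToString('yyyy-MM-ddTHH:mm:ss')
    $uri = "https://manage.office.com/api/v1.0/$TenantId/activity/feed/subscriptions/content" +
           "?contentType=$ContentType&startTime=$start&endTime=$end"

    while ($uri) {
        $resp = Invoke-WebRequest -Uri $uri -Headers $headers -UseBasicParsing

        # Each entry describes one content blob (contentId, contentUri, contentCreated, ...).
        $resp.Content | ConvertFrom-Json | ForEach-Object { $_ }

        # Listings are paged: follow the NextPageUri response header until it is absent.
        # The header value is a string in Windows PowerShell and a string array in PowerShell 7.
        $uri = if ($resp.Headers.ContainsKey('NextPageUri')) {
            @($resp.Headers['NextPageUri'])[0]
        } else {
            $null
        }
    }
}

# Usage with placeholder values; the secret is prompted for, so it stays out of shell history:
# $secret = Read-Host -AsSecureString 'Application secret'
# Get-O365AuditContentList -TenantId '<TenantId>' -AppId '<AppId>' -AppSecret $secret |
#     Select-Object contentType, contentId, contentCreated, contentUri
```

Each returned contentUri is fetched with the same bearer token to obtain the audit records themselves.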
-AppId: Application Id (obtained when registering the application in Azure AD).
-AppSecretKey: Application secret key (obtained when registering the application in Azure AD).
-AppAuthCertificate: Authentication certificate (certificate must include the private key as this is used to identify the application as registered in Azure).
-AppRedirectURI: Redirect URI for the application (as registered in Azure AD).
-TenantId: Tenant Id.
-PublisherId: Publisher Id (this is the tenant Id of the publisher - if specified, the publisher's quota will be used).
-Start: Start subscription. If ContentType not specified, will attempt to enable all.
-WebhookAddress: Webhook address (URL to which audit logs will be sent). Note that webhooks are no longer recommended.
-ContentType: Which audit logs do we want to retrieve? Default is general audit logs. Can be left blank when starting subscriptions to enable collection of all types.
-Stop: Stop subscription.
-List: List current subscriptions.
-ListContent: List available content.
-RetrieveContent: Retrieve available content (implies -ListContent, but retrieves the content as well as the location of the content).
-SaveContentPath: Downloaded content will be saved to this path (each content blob will be a separate text file).
-ListContentDate: Date for which to retrieve content.
-RegisterAzureApplication: If specified, the script attempts to register an application in Azure using the given parameters (and with permission to access Management API logs).
-AzureApplicationName: Name of the application to register in Azure (required when -RegisterAzureApplication specified).
-AzureApplicationRequiredPermissions: Permissions that the application will require (these are all application permissions as this script authenticates as application).
-LogFile: Log file - activity is logged to this file.
-DebugPath: HTTP trace file - all HTTP requests and responses will be logged to this file.