Report directory activity in a tenant - directorcia/Office365 GitHub Wiki

PowerShell Script for Directory Audit Logs Retrieval

This PowerShell script is designed to retrieve and report on directory audit logs from a Microsoft 365 tenant using the Microsoft Graph API. Here's a detailed explanation of its operation:

Error Handling

  • The script includes a catch block to handle exceptions.
  • If an error occurs while the preceding code runs (that code is not shown in this excerpt), the script prints the error message in red and exits.

Output the Sign-ins

  • The script processes the $results variable, which contains the directory audit logs retrieved from Microsoft Graph.
  • It selects specific properties:
    • Loggedbyservice
    • Activitydisplayname
    • Result
    • Operationtype
    • Category
    • Activitydatetime
  • It formats and displays these selected properties in a table using Format-Table -AutoSize.

Export to CSV

  • If the $csv parameter is set, the script:
    • Prints a message indicating that it is outputting the data to a CSV file.
    • Exports $results to the specified $outputFile in CSV format, without type information, using Export-Csv.

Finishing Up

  • The script prints a message indicating that the Graph devices script has finished.
  • If the $debug parameter is set, it stops the transcript logging using Stop-Transcript.

Summary

The primary purpose of this script is to:

  1. Connect to Microsoft Graph.
  2. Retrieve directory audit logs.
  3. Display or export this information in a user-friendly format.

The script ensures proper error handling and provides feedback to the user through optional prompts and debug messages.
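
The flow described above, written out as an added example; it is not the directorcia/Office365 script itself. The $csv, $debug, $outputFile and $results names come from the page, while the -UseSample switch, the default file paths, the requested Graph scopes and the paging helper are assumptions made for illustration.

```powershell
# Added example; not the directorcia/Office365 script. $csv, $debug, $outputFile and
# $results follow the page; $UseSample, the default paths and the scopes are assumptions.
param(
    [switch]$csv,
    [switch]$debug,
    [switch]$UseSample,                              # hypothetical: run offline on constructed records
    [string]$outputFile = ".\directory-audit.csv"
)
$ErrorActionPreference = 'Stop'                      # make cmdlet errors reach the catch block
if ($debug) { Start-Transcript -Path ".\directory-audit.log" | Out-Null }

function Get-DirectoryAudit {
    # Follow @odata.nextLink so the report is not cut off after the first page.
    $uri = 'https://graph.microsoft.com/v1.0/auditLogs/directoryAudits'
    while ($uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $uri
        $page.value | ForEach-Object { [pscustomobject]$_ }
        $uri = $page.'@odata.nextLink'
    }
}

try {
    if ($UseSample) {
        # Constructed records shaped like Graph directoryAudit objects.
        $results = @(
            [pscustomobject]@{ loggedByService = 'Core Directory'; activityDisplayName = 'Add user'; result = 'success'; operationType = 'Add'; category = 'UserManagement'; activityDateTime = '2024-05-01T08:15:00Z'; targetResources = @(@{ displayName = 'Sample User' }) }
            [pscustomobject]@{ loggedByService = 'Core Directory'; activityDisplayName = 'Add member to role'; result = 'failure'; operationType = 'Assign'; category = 'RoleManagement'; activityDateTime = '2024-05-01T09:40:00Z'; targetResources = @(@{ displayName = 'Sample Role' }) }
        )
    } else {
        Connect-MgGraph -Scopes 'AuditLog.Read.All', 'Directory.Read.All' | Out-Null
        $results = @(Get-DirectoryAudit)
    }
}
catch {
    Write-Host -ForegroundColor Red $_.Exception.Message
    if ($debug) { Stop-Transcript | Out-Null }
    exit 1
}

$columns = 'loggedByService', 'activityDisplayName', 'result', 'operationType', 'category', 'activityDateTime'
$report  = @($results | Sort-Object activityDateTime -Descending | Select-Object $columns)
$report | Format-Table -AutoSize

if ($csv) {
    Write-Host "Writing $($report.Count) records to $outputFile"
    # Export the flat columns: nested fields such as targetResources would be
    # written to the CSV as .NET type names, not their contents.
    $report | Export-Csv -Path $outputFile -NoTypeInformation
}
if ($debug) { Stop-Transcript | Out-Null }
```

Running it with -UseSample -csv exercises the display and export stages without a tenant; without -UseSample it needs the Microsoft Graph PowerShell module and an account that can consent to the requested scopes.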