You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/reports-monitoring/howto-configure-prerequisites-for-reporting-api.md
+8-10Lines changed: 8 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,17 +8,17 @@ ms.service: active-directory
8
8
ms.topic: how-to
9
9
ms.workload: identity
10
10
ms.subservice: report-monitor
11
-
ms.date: 12/08/2022
11
+
ms.date: 01/11/2023
12
12
ms.author: sarahlipsey
13
-
ms.reviewer: dhanyahk
13
+
ms.reviewer: besiler
14
14
15
15
ms.collection: M365-identity-device-management
16
16
---
17
17
# Prerequisites to access the Azure Active Directory reporting API
18
18
19
19
The Azure Active Directory (Azure AD) [reporting APIs](/graph/api/resources/azure-ad-auditlog-overview?view=graph-rest-1.0) provide you with programmatic access to the data through a set of REST APIs. You can call these APIs from many programming languages and tools. The reporting API uses [OAuth](../../api-management/api-management-howto-protect-backend-with-aad.md) to authorize access to the web APIs.
20
20
21
-
This article describes how to enable MS Graph to access the Azure AD reporting APIs in the Azure portal and through PowerShell
21
+
This article describes how to enable Microsoft Graph to access the Azure AD reporting APIs in the Azure portal and through PowerShell
22
22
23
23
## Roles and license requirements
24
24
@@ -30,14 +30,12 @@ To get access to the reporting data through the API, you need to have one of the
30
30
31
31
In order to access the sign-in reports for a tenant, an Azure AD tenant must have associated Azure AD Premium P1 or P2 license. Alternatively if the directory type is Azure AD B2C, the sign-in reports are accessible through the API without any additional license requirement.
32
32
33
-
Registration is needed even if you're accessing the reporting API using a script. The registration gives you an **Application ID**, which is required for the authorization calls and enables your code to receive tokens.
34
-
35
-
To configure your directory to access the Azure AD reporting API, you must sign in to the [Azure portal](https://portal.azure.com) in one of the required roles.
33
+
Registration is needed even if you're accessing the reporting API using a script. The registration gives you an **Application ID**, which is required for the authorization calls and enables your code to receive tokens. To configure your directory to access the Azure AD reporting API, you must sign in to the [Azure portal](https://portal.azure.com) in one of the required roles.
36
34
37
35
> [!IMPORTANT]
38
36
> Applications running under credentials with administrator privileges can be very powerful, so be sure to keep the application's ID and secret credentials in a secure location.
39
37
>
40
-
## App-only access
38
+
## Enable the Microsoft Graph API through the Azure portal
41
39
42
40
To enable your application to access Microsoft Graph without user intervention, you'll need to register your application with Azure AD, then grant permissions to the Microsoft Graph API. This article covers the steps to follow in the Azure portal.
43
41
@@ -83,13 +81,13 @@ Once you have the app registration configured, you can run activity log queries
83
81
1. Use one of the following queries to start using Microsoft Graph for accessing activity logs:
84
82
- GET `https://graph.microsoft.com/v1.0/auditLogs/directoryAudits`
85
83
- GET `https://graph.microsoft.com/v1.0/auditLogs/signIns`
86
-
- For more information on Microsoft Graph queries for activity logs, see [Activity reports API overview](/graph/api/resources/azuread-auditlog-overview?view=graph-rest-1.0)
84
+
- For more information on Microsoft Graph queries for activity logs, see [Activity reports API overview](/graph/api/resources/azuread-auditlog-overview)
87
85
88
86
89
87
90
88
## Access the reporting API through PowerShell
91
89
92
-
To use PowerShell to access the Azure AD reporting API, you'll need to gather a few configuration settings:
90
+
To use PowerShell to access the Azure AD reporting API, you'll need to gather a few configuration settings. These settings were created as a part of the [app registration process](#register-an-azure-ad-application).
93
91
94
92
- Tenant ID
95
93
- Client app ID
@@ -118,7 +116,7 @@ Microsoft Graph PowerShell cmdlets:
- Explore the full list of [reporting related Microsoft Graph PowerShell cmdlets](powershell/module/microsoft.graph.reports/?view=graph-powershell-1.0).
119
+
- Explore the full list of [reporting related Microsoft Graph PowerShell cmdlets](powershell/module/microsoft.graph.reports).
0 commit comments