cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
davidchr
New Member

Configure Oauth to connect to O365 Audit logs

Im using the following template: Monitor Office 365 audit logs for specific details and send alerts

 

https://preview.flow.microsoft.com/en-us/galleries/public/templates/4a7ea95259f1404e95855f6b053360b1...

 

But since this is production I cannot use Basic Auth.  I'll be the first to admit that OAuth is out of my depth and I was looking for assistance on how to configure the advanced options of the HTTP segment within this flow.  (FYI...all prior steps within this flow are successful).   I was using the following but its not working:

 

URI-- https://outlook.office365.com/psws/service.svc/UnifiedAuditLog?StartDate=12/16/2020&EndDate=12/17/20...

authentication:  Active Directory OAuth

Authority:  I've left this blank and I've also tried https://manage.office.com (taking this from a custom connector configuration used with the CoE Starter Kit).

I then enter my tenant GUID and the Application ID for the Audience and Client ID fields.  Finally I add the App secret.

 

Any help would be greatly appreciated.

 

Dave

 

 
 

 

 

2 REPLIES 2
Expiscornovus
Dual Super User
Dual Super User

Hi @davidchr,

 

As far as I am aware this sample is based on the PowerShell Search-UnifiedAuditLog Webservice sample, which is using Exchange Online PowerShell.

 

I think they are still working on that Modern Auth stuff, so I am not sure if this endpoint already works with Modern Auth, to be honest.

https://docs.microsoft.com/en-us/powershell/module/exchange/search-unifiedauditlog?view=exchange-ps

 

An alternative you could use the Microsoft 365 Management Activity API, that one should be able to work with an registered Azure Ad app: https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api...

colonel_claypoo
Advocate II
Advocate II

I'm facing the same issue now.

Always getting a 401 permission error, even with Azure app.

 

I can get ExchangeOnline V2 to authenticate via Azure app in PowerShell but that doesn't help as not cmdlets are available to do what could be done through https://outlook.office365.com/psws/service.svc/UnifiedAuditLog.

 

Got the Office 365 Management API to partly work but (subscription and initial content call) but there seems to be no filter and it always returns thousands of objects and it's not feasible to get an activity from like 60 days back like the 90 days we were able from the https://outlook.office365.com/psws/service.svc/UnifiedAuditLog API.

 

Anyone know of a way?

Helpful resources

Announcements
MPA Virtual Workshop Carousel 768x460.png

Register for a Free Workshop

Learn to digitize and optimize business processes and connect all your applications to share data in real time.

Power automate tips 768x460 v2.png

Restore a Deleted Flow

Did you know that you could restore a deleted flow? Check out this helpful article.

Microsoft Build 768x460.png

Microsoft Build is May 24-26. Have you registered yet?

Come together to explore latest innovations in code and application development—and gain insights from experts from around the world.

May UG Leader Call Carousel 768x460.png

What difference can a User Group make for you?

At the monthly call, connect with other leaders and find out how community makes your experience even better.

Users online (2,414)