Im using the following template: Monitor Office 365 audit logs for specific details and send alerts
But since this is production I cannot use Basic Auth. I'll be the first to admit that OAuth is out of my depth and I was looking for assistance on how to configure the advanced options of the HTTP segment within this flow. (FYI...all prior steps within this flow are successful). I was using the following but its not working:
authentication: Active Directory OAuth
Authority: I've left this blank and I've also tried https://manage.office.com (taking this from a custom connector configuration used with the CoE Starter Kit).
I then enter my tenant GUID and the Application ID for the Audience and Client ID fields. Finally I add the App secret.
Any help would be greatly appreciated.
As far as I am aware this sample is based on the PowerShell Search-UnifiedAuditLog Webservice sample, which is using Exchange Online PowerShell.
I think they are still working on that Modern Auth stuff, so I am not sure if this endpoint already works with Modern Auth, to be honest.
An alternative you could use the Microsoft 365 Management Activity API, that one should be able to work with an registered Azure Ad app: https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api...
I'm facing the same issue now.
Always getting a 401 permission error, even with Azure app.
I can get ExchangeOnline V2 to authenticate via Azure app in PowerShell but that doesn't help as not cmdlets are available to do what could be done through https://outlook.office365.com/psws/service.svc/UnifiedAuditLog.
Got the Office 365 Management API to partly work but (subscription and initial content call) but there seems to be no filter and it always returns thousands of objects and it's not feasible to get an activity from like 60 days back like the 90 days we were able from the https://outlook.office365.com/psws/service.svc/UnifiedAuditLog API.
Anyone know of a way?