DirectoryAudits
Tracks and lists all directory audit events accessible to the authenticated user for compliance and monitoring.
Table Specific Information
Select
Most filters are handled server side, but the specific field of Id will change the endpoint we use to retrieve the data. It must be specified with an '=' or IN condition.
For example:
SELECT * FROM DirectoryAudits WHERE Id = 'Directory_2183313c-ac52-4772-8482-7b2eb2a5d7c9_LBZWQ_311068785'
SELECT * FROM DirectoryAudits WHERE Id IN ('Directory_2183313c-ac52-4772-8482-7b2eb2a5d7c9_LBZWQ_311068785')
SELECT * FROM DirectoryAudits WHERE ActivityDisplayName LIKE '%Update%'
Columns
| Name | Type | Description |
| id [KEY] | String | The unique identifier for the DirectoryAudit entry, used to distinguish each audit record. |
| activityDateTime | Datetime | The date and time when the activity occurred, recorded in UTC. |
| activityDisplayName | String | The name of the activity or operation that was logged in the DirectoryAudit. |
| additionalDetails | String | Additional information or metadata about the activity, providing context or supplementary data. |
| category | String | The category of the activity, indicating the type of event (for example, user management, application management). |
| correlationId | String | The unique identifier for correlating this activity with related events across services. |
| initiatedBy_app_appid | String | The unique identifier of the application that initiated the activity, if applicable. |
| initiatedBy_app_displayName | String | The display name of the application that initiated the activity, providing a user-friendly identifier. |
| initiatedBy_app_servicePrincipalId | String | The service principal ID of the application that initiated the activity, used for authentication and authorization. |
| initiatedBy_app_servicePrincipalName | String | The service principal name of the application that initiated the activity, giving additional context about the app. |
| loggedByService | String | The name of the Azure service that logged this DirectoryAudit entry. |
| operationType | String | The type of operation performed (for example, CREATE, UPDATE, DELETE), providing high-level information about the activity. |
| result | String | The outcome of the activity, such as success or failure. |
| resultReason | String | The reason for the activity's result, offering details about any errors or issues encountered. |
| targetResources | String | Details about the resources targeted by this activity, including resource type and identifier. |