Does the Azure AD audit log API work for Azure US Government tenants?


I cannot retrieve any signIn data from our Azure US Gov tenant with the following PowerShell:

$ClientID = "<my app id>"
$ClientSecret = "<app key>"
$loginURL = "https://login.microsoftonline.us"
$tenantdomain = "<my tenant name>"
$scope = "https://graph.microsoft.com/.default" 
$body = @{grant_type="client_credentials";client_id=$ClientID;client_secret=$ClientSecret;scope=$scope}
$oauth = Invoke-RestMethod -Method Post -Uri $loginURL/$tenantdomain/oauth2/v2.0/token -Body $body  
$url = "https://graph.microsoft.com/beta/auditLogs/signIns"
$headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}
Invoke-WebRequest -UseBasicParsing -Headers $headerParams -Uri $url

We have AAD P2 licenses and the application has the required permissions to read the audit log data.

The same code works against our commercial tenant (after modifying the $loginURL appropriately).

I know the API is still beta, but I was hoping someone can confirm if it should or should not work against a Gov tenant.

I do not receive any errors; I just receive no data:

Content : {"@odata.context":"https://graph.microsoft.com/beta/$metadata#auditLogs/signIns","value":[]}

Any help appreciated!

1

There are 1 answers

2
Bernie Ellis On BEST ANSWER

We'll have this update documented publicly soon at our Azure Government developer endpoint mapping, but can you try graph.microsoft.us as the Microsoft Graph endpoint?

Also, the sign-in activity API isn't currently available in Azure Government and we are working on a date for that. However, the audit API (beta/auditLogs/directoryAudits) should be returning data with the graph.microsoft.us endpoint.

Can you confirm that this works for you?

Thanks, Bernie
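
The answer's suggestion applied to the script from the question, as an added example that is not part of the original question or answer. The function name `Get-DirectoryAudit`, the `$Clouds` table and the `AAD_CLIENT_SECRET` variable are hypothetical, and requesting the token with a scope built from `https://graph.microsoft.us` is an assumption the page does not state.

```powershell
# Added example; Get-DirectoryAudit, $Clouds and AAD_CLIENT_SECRET are hypothetical names.
# Endpoint pairs per cloud: the login host and the Graph host must belong to the same cloud.
$Clouds = @{
    Commercial = @{ Login = 'https://login.microsoftonline.com'; Graph = 'https://graph.microsoft.com' }
    USGov      = @{ Login = 'https://login.microsoftonline.us';  Graph = 'https://graph.microsoft.us' }
}

function Get-DirectoryAudit {
    param(
        [Parameter(Mandatory)][ValidateSet('Commercial', 'USGov')][string]$Cloud,
        [Parameter(Mandatory)][string]$Tenant,
        [Parameter(Mandatory)][string]$ClientId,
        [Parameter(Mandatory)][string]$ClientSecret,
        [int]$MaxPages = 5
    )
    $ep = $Clouds[$Cloud]

    # Client-credentials token request. The scope is built from the same cloud's Graph host
    # (assumption: the token audience has to match the Graph endpoint that is called).
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = "$($ep.Graph)/.default"
    }
    $oauth = Invoke-RestMethod -Method Post -Uri "$($ep.Login)/$Tenant/oauth2/v2.0/token" -Body $body
    $headers = @{ Authorization = "$($oauth.token_type) $($oauth.access_token)" }

    # Follow @odata.nextLink so a multi-page result is not silently truncated.
    $url = "$($ep.Graph)/beta/auditLogs/directoryAudits"
    $events = @()
    for ($page = 0; $url -and ($page -lt $MaxPages); $page++) {
        $resp = Invoke-RestMethod -Method Get -Uri $url -Headers $headers
        $events += $resp.value
        $url = $resp.'@odata.nextLink'
    }
    if ($events.Count -eq 0) {
        # The question's symptom: no error, just an empty "value" array.
        Write-Warning "Empty 'value' array from $($ep.Graph); check the cloud endpoint and app permissions."
    }
    return $events
}

# Usage, with the secret read from the environment instead of written into the script:
# Get-DirectoryAudit -Cloud USGov -Tenant '<my tenant name>' -ClientId '<my app id>' -ClientSecret $env:AAD_CLIENT_SECRET
```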