I am just trying to create a test app which can download AD logs(looking for logins/logout specifically) using the python Management activity api . I wish to use client credentials flow for this and have uploaded a certificate for the same. Authentication is successful and I get the JWT token.
I am able to subscribe to Azure Ad content.
GET /api/v1.0/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/activity/feed/subscriptions/list HTTP/1.1
[{u'status': u'enabled', u'webhook': None, u'contentType': u'Audit.Exchange'}, {u'status': u'enabled', u'webhook': None, u'contentType': u'Audit.AzureActiveDirectory'}]
But there is no content available for me to download.
GET /api/v1.0/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/activity/feed/subscriptions/content?contentType=Audit.AzureActiveDirectory HTTP/1.1
This yields an empty response with 200 ok.
I am wondering what is missing at my end to be able to download the logs.Has anybody faced similar issue?
It sounds like you want to donwload some audit logs of Azure AD as the offical document Azure Active Directory audit report events said as the AAD audit report events.
So you need to follow the offical tutorial Getting started with the Azure Active Directory reporting API to get these audit report events. But according to the audit api reference, the API Endpoint should be like as below, not your current used.
As references in the get started tutorial, although almost sample codes written in PowerShell, there is a python sample code which you can refer to, and then follow to rewrite others in Python easily.
Hope it helps. Any concern, please feel free to let me know.