diff --git a/documentation/Get-PnPUnifiedAuditLog.md b/documentation/Get-PnPUnifiedAuditLog.md index a2edb5552..9c22235a8 100644 --- a/documentation/Get-PnPUnifiedAuditLog.md +++ b/documentation/Get-PnPUnifiedAuditLog.md @@ -13,9 +13,9 @@ online version: https://pnp.github.io/powershell/cmdlets/Get-PnPUnifiedAuditLog. **Required Permissions** - * Microsoft Office 365 Management API: ActivityFeed.Read + * Microsoft Office 365 Management API: ActivityFeed.Read, Microsoft Office 365 Management API: ActivityFeed.ReadDlp, Microsoft Office 365 Management API: ActivityReports.Read, Microsoft Office 365 Management API: ServiceHealth.Read and Microsoft Office 365 Management API:ThreatIntelligence.Read -Gets unified audit logs from the Office 365 Management API. Requires the Azure Active Directory application permission 'ActivityFeed.Read'. +Gets unified audit logs from the Office 365 Management API. Requires the Azure Entra application permission 'ActivityFeed.Read', 'ActivityFeed.ReadDlp', 'ActivityReports.Read', 'ServiceHealth.Read' and 'ThreatIntelligence.Read'. ## SYNTAX @@ -40,6 +40,7 @@ Retrieves the audit logs of SharePoint happening between the current time yester ## PARAMETERS ### -ContentType + Content type of logs to be retrieved, should be one of the following: AzureActiveDirectory, Exchange, SharePoint, General, DLP. ```yaml @@ -55,7 +56,7 @@ Accept wildcard characters: False ``` ### -EndTime -End time of logs to be retrieved. Start time and end time must both be specified (or both omitted) and must be less than or equal to 24 hours apart. +End time of logs to be retrieved. Start time and end time must both be specified (or both omitted) and must be less than or equal to 24 hours apart. If passed as a string this should be defined as a valid ISO 8601 string (2024-01-16T18:28:48.6964197Z). ```yaml Type: DateTime @@ -69,7 +70,7 @@ Accept wildcard characters: False ``` ### -StartTime -Start time of logs to be retrieved. Start time and end time must both be specified (or both omitted) and must be less than or equal to 24 hours apart, with the start time prior to end time and start time no more than 7 days in the past. +Start time of logs to be retrieved. Start time and end time must both be specified (or both omitted) and must be less than or equal to 24 hours apart, with the start time prior to end time and start time no more than 7 days in the past. If passed as a string this should be defined as a valid ISO 8601 string (2024-01-16T18:28:48.6964197Z). ```yaml Type: DateTime diff --git a/src/Commands/ManagementApi/GetUnifiedAuditLog.cs b/src/Commands/ManagementApi/GetUnifiedAuditLog.cs index 20c07fa10..20ae5ee66 100644 --- a/src/Commands/ManagementApi/GetUnifiedAuditLog.cs +++ b/src/Commands/ManagementApi/GetUnifiedAuditLog.cs @@ -11,7 +11,7 @@ namespace PnP.PowerShell.Commands.ManagementApi { [Cmdlet(VerbsCommon.Get, "PnPUnifiedAuditLog")] - [RequiredMinimalApiPermissions("https://manage.office.com/ActivityFeed.Read")] + [RequiredMinimalApiPermissions("https://manage.office.com/ActivityFeed.Read","https://manage.office.com/ActivityFeed.ReadDlp","https://manage.office.com/ServiceHealth.Read","https://manage.office.com/ActivityReports.Read","https://manage.office.com/ThreatIntelligence.Read")] [OutputType(typeof(ManagementApiUnifiedLogRecord))] public class GetUnifiedAuditLog : PnPOfficeManagementApiCmdlet { diff --git a/src/Commands/Resources/O365ManagementPermissions.json b/src/Commands/Resources/O365ManagementPermissions.json index 55d72901e..aaccccfda 100644 --- a/src/Commands/Resources/O365ManagementPermissions.json +++ b/src/Commands/Resources/O365ManagementPermissions.json @@ -29,6 +29,26 @@ "consentDescription": "Allows the application to read service health information for your organization.", "consentDisplayName": "Read service health information for your organization", "value": "ServiceHealth.Read" + }, + { + "adminConsentDescription": "Allows the application to read service health information for your organization.", + "adminConsentDisplayName": "Read activity reports for your organization", + "id": "b3b78c39-cb1d-4d17-820a-25d9196a800e", + "isEnabled": true, + "isAdmin": true, + "consentDescription": "Allows the application to read service health information for your organization.", + "consentDisplayName": "Read service health information for your organization", + "value": "ActivityReports.Read" + }, + { + "adminConsentDescription": "Allows the application to read threat intelligence data for your organization", + "adminConsentDisplayName": "Read threat intelligence data for your organization", + "id": "17f1c501-83cd-414c-9064-cd10f7aef836", + "isEnabled": true, + "isAdmin": true, + "consentDescription": "Allows the application to read threat intelligence data for your organization", + "consentDisplayName": "Read threat intelligence data for your organization", + "value": "ThreatIntelligence.Read" } ], "applicationScopesList": [ @@ -61,6 +81,26 @@ "consentDescription": "Allows the application to read service health information for your organization.", "consentDisplayName": "Read service health information for your organization", "value": "ServiceHealth.Read" + }, + { + "adminConsentDescription": "Allows the application to read service health information for your organization.", + "adminConsentDisplayName": "Read activity reports for your organization", + "id": "b3b78c39-cb1d-4d17-820a-25d9196a800e", + "isEnabled": true, + "isAdmin": true, + "consentDescription": "Allows the application to read service health information for your organization.", + "consentDisplayName": "Read service health information for your organization", + "value": "ActivityReports.Read" + }, + { + "adminConsentDescription": "Allows the application to read threat intelligence data for your organization", + "adminConsentDisplayName": "Read threat intelligence data for your organization", + "id": "17f1c501-83cd-414c-9064-cd10f7aef836", + "isEnabled": true, + "isAdmin": true, + "consentDescription": "Allows the application to read threat intelligence data for your organization", + "consentDisplayName": "Read threat intelligence data for your organization", + "value": "ThreatIntelligence.Read" } ] } \ No newline at end of file