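Namespace: microsoft.graph.security
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents an audit log entry that contains standard audit attributes and auditData specific to the Microsoft 365 service.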
Methods
| Method | Return type | Description |
|---|---|---|
| List | auditLogRecord collection | Get a list of the auditLogRecord objects and their properties. |
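Properties
| Property | Type | Description |
|---|---|---|
| administrativeUnits | String collection | The administrative units tagged to an audit log record. |
| auditData | microsoft.graph.security.auditData | A JSON object that contains the actual audit log data. |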
| auditLogRecordType | microsoft.graph.security.auditLogRecordType | The type of operation indicated by the record. The possible values are: exchangeItemGroup, sharePointFileOperation, syntheticProbe, sharePoint, azureActiveDirectory, oneDrive, microsoftTeamsDevice, hrSignal, microsoftTeamsAdmin, sharePointContentTypeOperation, sharePointFieldOperation, informationBarrierPolicyApplication, dataInsightsRestApiAudit, hygieneEvent, exchangeItemAggregated, teamsHealthcare, labelContentExplorer, threatIntelligenceAtpContent, powerAppsPlan, sharePointListItemOperation, powerAppsApp, workplaceAnalytics, mipLabel, microsoftTeamsAnalytics, securityComplianceInsights, informationWorkerProtection, discovery, microsoftTeams, skypeForBusinessCmdlets, yammer, crm, threatIntelligence, powerBIAudit, exchangeAggregatedOperation, securityComplianceCenterEOPCmdlet, microsoftFlow, campaign, mailSubmission, complianceDLPSharePointClassification, microsoftStream, aeD, threatIntelligenceUrl, dataGovernance, threatFinder, kaizala, securityComplianceAlerts, sharePointListOperation, sharePointCommentOperation, project, complianceDLPExchange, sharePointSharingOperation, sway, skypeForBusinessUsersBlocked, azureActiveDirectoryAccountLogon, skypeForBusinessPSTNUsage, dataCenterSecurityCmdlet, azureActiveDirectoryStsLogon, complianceDLPSharePoint, exchangeItem, exchangeAdmin, dlpEndpoint, airInvestigation, quarantine, microsoftForms, applicationAudit, complianceSupervisionExchange, customerKeyServiceEncryption, mipAutoLabelSharePointItem, officeNative, mipAutoLabelSharePointPolicyLocation, microsoftTeamsShifts, secureScore, mipAutoLabelExchangeItem, cortanaBriefing, search, wdatpAlerts, powerPlatformAdminDlp, powerPlatformAdminEnvironment, mdatpAudit, sensitivityLabelPolicyMatch, sensitivityLabelAction, sensitivityLabeledFileAction, attackSim, airManualInvestigation, securityComplianceRBAC, userTraining, airAdminActionInvestigation, mstic, physicalBadgingSignal, teamsEasyApprovals, aipDiscover, aipSensitivityLabelAction, aipProtectionAction, aipFileDeleted, aipHeartBeat, mcasAlerts, onPremisesFileShareScannerDlp, onPremisesSharePointScannerDlp, exchangeSearch, sharePointSearch, privacyDataMinimization, labelAnalyticsAggregate, myAnalyticsSettings, securityComplianceUserChange, complianceDLPExchangeClassification, complianceDLPEndpoint, mipExactDataMatch, msdeResponseActions, msdeGeneralSettings, msdeIndicatorsSettings, ms365DCustomDetection, msdeRolesSettings, mapgAlerts, mapgPolicy, mapgRemediation, privacyRemediationAction, privacyDigestEmail, mipAutoLabelSimulationProgress, mipAutoLabelSimulationCompletion, mipAutoLabelProgressFeedback, dlpSensitiveInformationType, mipAutoLabelSimulationStatistics, largeContentMetadata, microsoft365Group, cdpMlInferencingResult, filteringEntityEvent, dlpImportResult, cdpCompliancePolicyExecution, multiStageDisposition, privacyDataMatch, healthcareSignal, filteringEmailFeatures, filteringDocMetadata, powerBIDlp, filteringUrlInfo, filteringAttachmentInfo, coreReportingSettings, complianceConnector, consumptionResource, powerPlatformLockboxResourceCommand, powerPlatformLockboxResourceAccessRequest, cdpPredictiveCodingLabel, cdpCompliancePolicyUserFeedback, webpageActivityEndpoint, omePortal, scorePlatformGenericAuditRecord, powerPlatformServiceActivity, filteringTimeTravelDocMetadata, microsoftManagedServicePlatform, labelExplorer, filteringMailSubmission, alert, filteringRuleHits, mipLabelAnalyticsAuditRecord, filteringUrlClick, alertStatus, cmImprovementActionChange, tenantAllowBlockList, cdpUnifiedFeedback, filteringPostMailDeliveryAction, filteringMailGradingResult, caseInvestigation, recordsManagement, privacyRemediation, case, ehrConnector, incidentStatus, cdpDlpSensitive, alertIncident, dataShareOperation, publicFolder, filteringMailMetadata, cdpClassificationMailItem, cdpClassificationDocument, officeScriptsRunAction, privacyTenantAuditHistoryRecord, aipScannerDiscoverEvent, eduDataLakeDownloadOperation, m365ComplianceConnector, microsoftGraphDataConnectOperation, mdcRegulatoryComplianceAssessments, plannerTaskList, plannerTenantSettings, projectForTheWebProject, projectForTheWebTask, plannerPlanList, projectForTheWebRoadmapItem, projectForTheWebRoadmap, projectForTheWebProjectSettings, projectForTheWebRoadmapSettings, quarantineMetadata, microsoftTodoAudit, timeTravelFilteringDocMetadata, plannerRoster, sharePointAppPermissionOperation, teamsQuarantineMetadata, microsoftTeamsSensitivityLabelAction, filteringTeamsMetadata, filteringTeamsUrlInfo, filteringTeamsPostDeliveryAction, microsoftGraphDataConnectConsent, attackSimAdmin, filteringAtpDetonationInfo, filteringRuntimeInfo, vivaGoals, mdaDataSecuritySignal, privacyPortal, mdcSecurityConnectors, mdcRegulatoryComplianceControls, mdcRegulatoryComplianceStandards, managedTenants, mdcAssessments, plannerTask, plannerCopyPlan, plannerPlan, ms365DIncident, ms365DSuppressionRule, purviewDataMapOperation, filteringUrlPostClickAction, updateQuarantineMetadata, plannerRosterSensitivityLabel, unifiedSimulationSummary, teamsUpdates, unifiedSimulationMatchedItem, irmUserDefinedDetectionSignal, filteringDelistingMetadata, microsoftPurview, filteringEmailContentFeatures, powerPagesSite, powerAppsResource, complianceDLPSharePointClassificationExtended, microsoftDefenderForIdentityAudit, supervisoryReviewDayXInsight, defenderExpertsforXDRAdmin, hostedRpa, cdpContentExplorerAggregateRecord, cdpEdgeBlockedMessage, cdpHygieneAttachmentInfo, cdpHygieneSummary, cdpPostMailDeliveryAction, cdpEmailFeatures, cdpUrlClick, cdpHygieneUrlInfo, cdpPackageManagerHygieneEvent, filteringDocScan, timeTravelFilteringDocScan, mapgOnboard, unknownFutureValue. |
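| clientIp | String | The IP address of the device used when the activity was logged. The IP address is displayed in either an IPv4 or IPv6 address format. |
| createdDateTime | DateTimeOffset | The date and time in UTC when the user performed the activity. |
| id | String | The ID of the report entry. The ID uniquely identifies the report entry. Inherited from microsoft.graph.entity. |
| objectId | String | For Exchange admin audit logging, the name of the object modified by the cmdlet. For SharePoint activity, the full URL path name of the file or folder accessed by a user. For Microsoft Entra activity, the name of the user account that was modified. |
| operation | String | The name of the user or admin activity. |
| organizationId | String | The GUID for your organization. |
| service | String | The Microsoft 365 service where the activity occurred. |
| userId | String | The user who performed the action (specified in the Operation property) that resulted in the record being logged. Audit records for activity performed by system accounts (such as SHAREPOINT\system or NT AUTHORITY\SYSTEM) are also included in the audit log. Another common value for the UserId property is app@sharepoint. It indicates that the "user" who performed the activity was an application with the necessary permissions in SharePoint to perform organization-wide actions (such as searching a SharePoint site or OneDrive account) on behalf of a user, admin, or service. |
| userPrincipalName | String | UPN of the user who performed the action. |
| userType | microsoft.graph.security.auditLogUserType | The type of user that performed the operation. The possible values are: regular, admin, reserved, application, customPolicy, servicePrincipal, dcAdmin, system, systemPolicy, partnerTechnician, guest, unknownFutureValue. |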
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
```json
{
  "@odata.type": "#microsoft.graph.security.auditLogRecord",
  "id": "String (identifier)",
  "createdDateTime": "String (timestamp)",
  "auditLogRecordType": "String",
  "operation": "String",
  "organizationId": "String",
  "userType": "String",
  "userId": "String",
  "service": "String",
  "objectId": "String",
  "userPrincipalName": "String",
  "clientIp": "String",
  "administrativeUnits": ["String"],
  "auditData": {
    "@odata.type": "microsoft.graph.security.auditData"
  }
}
```
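The following is an added example, not part of the original reference page or Microsoft's own code. It shows how a detection or triage script might normalize auditLogRecord objects and separate activity by people from the system accounts and `app@sharepoint` identity described for `userId`. The function names, the grouping of `userType` values into buckets and the sample records are assumptions made for illustration.

```python
import ipaddress
from collections import Counter
from datetime import datetime, timezone

# Assumption for this example: the page lists userType values without defining them.
PERSON_TYPES = {"regular", "admin", "dcAdmin", "partnerTechnician", "guest"}
APP_TYPES = {"application", "servicePrincipal"}
SYSTEM_TYPES = {"system", "systemPolicy", "customPolicy"}
# Account names taken from the userId description on this page.
SYSTEM_USER_IDS = {"sharepoint\\system", "nt authority\\system"}
APP_USER_IDS = {"app@sharepoint"}

def classify_actor(record):
    """Return 'system', 'application', 'person' or 'unknown' for one record."""
    user_id = (record.get("userId") or "").lower()
    user_type = record.get("userType")
    if user_id in SYSTEM_USER_IDS or user_type in SYSTEM_TYPES:
        return "system"
    if user_id in APP_USER_IDS or user_type in APP_TYPES:
        return "application"
    # reserved, unknownFutureValue and members added later stay 'unknown'.
    return "person" if user_type in PERSON_TYPES else "unknown"

def normalize(record):
    """Parse typed fields; missing or malformed values become None."""
    try:
        when = datetime.fromisoformat(record["createdDateTime"].replace("Z", "+00:00"))
        when = (when if when.tzinfo else when.replace(tzinfo=timezone.utc)).astimezone(timezone.utc)
    except (KeyError, ValueError, AttributeError):
        when = None
    try:
        ip = ipaddress.ip_address(record.get("clientIp") or "")
    except ValueError:
        ip = None
    return {"id": record.get("id"), "when": when, "ip": ip, "actor": classify_actor(record),
            "service": record.get("service"), "operation": record.get("operation")}

def person_activity(records):
    """Count (service, operation) pairs for records attributed to a person."""
    rows = (normalize(r) for r in records)
    return Counter((r["service"], r["operation"]) for r in rows if r["actor"] == "person")

# Constructed sample records, not real tenant data.
SAMPLE = [
    {"id": "rec-1", "createdDateTime": "2024-05-01T10:15:00Z", "userType": "regular",
     "userId": "alice@contoso.example", "service": "SharePoint",
     "operation": "FileAccessed", "clientIp": "192.0.2.10"},
    {"id": "rec-2", "createdDateTime": "2024-05-01T10:16:00Z", "userType": "regular",
     "userId": "app@sharepoint", "service": "SharePoint",
     "operation": "FileAccessed", "clientIp": "2001:db8::1"},
    {"id": "rec-3", "createdDateTime": "not-a-date", "userType": "system",
     "userId": "NT AUTHORITY\\SYSTEM", "service": "Exchange", "operation": "Set-Mailbox"},
]
```

Treating unrecognized `userType` values as `unknown` keeps the script from breaking when the enumeration grows.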