✖

Related Products
ADManager Plus

Active Directory Management & Reporting
Download | Demo
ADAudit Plus

Real-time Active Directory Auditing and UBA
Download | Demo
ADSelfService Plus

Self-Service Password Management
Download | Demo
EventLog Analyzer

Real-time Log Analysis & Reporting
Download | Demo
AD360

Integrated Identity & Access Management
Download | Demo
Log360

Comprehensive SIEM and UEBA
Download | Demo

Configuring REST API

How to use Office 365 Management Activity API to fetch SharePoint Online audit logs

Builds 4500 and lower use the Search-UnifiedAuditLog script to fetch SharePoint Online audit logs. Using this PowerShell script has sometimes caused data inconsistencies for a few users. Starting with build 4501, users can choose to use the Office 365 Management Activity API instead to avoid missing any data.

This requires configuring an Azure application to enable data collection. In older builds, SharePoint Online could be configured using only a service account. Newer builds introduced Azure application support for improved accuracy and enhanced features.

Follow the steps below to use this API to fetch the audit data.

If the Azure application is not configured,
- Create Azure application manually and update it on SharePoint Manager Plus.
  - Navigate to Admin > Configuration > Microsoft 365.
  - Click the icon on the tenant and change the Authentication Type to Azure Application.
  - Update the details and click Save.
If the Azure application is already configured, follow the steps below:
- Connect to the database console:
  - For builds 4503 or above, contact support to get the files required to connect to the database and store them in the <product-installation-directory>/bin folder.
  - For builds 4502 or below, the connectDB.bat file will be available in the <product-installation-directory>/bin folder. Contact support to get the database password.
- Get the Azure application client ID:
  - Open connectDB.bat from <product-installation-directory>/bin and run the following query to get the Client ID of your Azure application:
    - Select farm_id, client_id from AzureAppCredentials;
- Open the Azure portal and navigate to Microsoft Entra ID → App Registrations → All applications.
- Search with your Client ID and open the application.
- Open API permissions and click Add a permission.
- In the pop-up, navigate to Office 365 Management APIs → Application permissions.
- Select ActivityFeed.Read and click Add permissions.
- Click on Grant admin consent for <Your Company> and give confirmation.
- Run the database query below in the connectDB console.
  - Update onlineprofiles set audit_type=4;
- Restart SharePoint Manager Plus to apply the changes.

Previous Topic Next Topic