Published: Apr 22, 2024
Key Takeaways:
- Microsoft has announced a public preview of the Purview Audit Search Graph API.
- The new API provides organizations with a more efficient and reliable way to search and retrieve audit logs.
- The Purview Audit Search Graph API is expected to hit general availability in June 2024.
Microsoft has launched its new Purview Audit Search Graph API in public preview for commercial customers. This new API allows IT administrators to programmatically search and retrieve audit logs, improving how organizations track and secure their data usage.
Microsoft Purview Audit is a feature that lets IT administrators monitor and track data usage and access within their organizations. It offers various capabilities like generating audit reports, logging data access events, and monitoring activities across data sources and platforms.
“The Microsoft Audit Search Graph API is designed to provide a more efficient and reliable way to search audit logs, making it easier for customers and partners to monitor and investigate security incidents. With this new feature, users can expect faster search times, more complete search results, and a more robust and reliable search experience,” Microsoft explained.
The new Microsoft Purview Audit Search Graph API offers various search, reliability, and performance improvements over the existing Search-UnifiedAuditLog PowerShell cmdlet. For starters, the API provides an asynchronous Audit search experience with automation capabilities for both apps and end users. It’s also designed to offer enhanced search completeness and reduce timeouts.
Microsoft has introduced new granular permissions that let security admins scope access to Audit logs. This capability supports several Audit workloads, including OneDrive, Microsoft Entra, Intune, and Exchange. Moreover, Security admins can now use 10 parameters to programmatically filter Audit logs.
The Microsoft Purview Audit Search Graph API is expected to become generally available for commercial customers in June 2024. Microsoft recommends existing customers to switch from the Search-UnifiedAuditLog cmdlet to leverage the benefits of the Audit Search Graph API.
Overall, the new Audit Search Graph API underscores Microsoft’s commitment to enhance security measures and streamline administrative tasks. This feature should enable organizations to effectively monitor and protect their enterprise environments. We invite you to check out this support page to learn more about how to use the new Audit Search Graph API.