Document Details
View Audit Logs
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Detected Bias Types
powershell_heavy
missing_linux_example
windows_tools
Summary
The documentation provides only a PowerShell script example for programmatically accessing audit logs via the Microsoft Entra reporting API. There are no equivalent examples using Linux-native tools (such as curl, wget, or Python), nor are there references to Bash or shell scripting. The script assumes familiarity with PowerShell, which is primarily a Windows tool, and suggests using Azure Cloud Shell (which does support PowerShell, but Bash is also available). This creates a bias toward Windows users and may hinder Linux users or those preferring cross-platform scripting.
Recommendations
- Provide equivalent examples using Bash shell scripting with curl or wget to demonstrate how to access the API and process results on Linux or macOS.
- Include a Python example for querying the Microsoft Graph API, as Python is cross-platform and widely used.
- Explicitly mention that the API can be accessed from any platform and that PowerShell is just one option.
- Add a note or section on using Azure CLI or other cross-platform tools where applicable.
- Reorder or parallelize examples so that Windows and Linux approaches are presented together, or alternate which comes first.
Create Pull Request
Scan History
| Date | Scan | Status | Result |
|---|---|---|---|
| 2026-01-14 00:00 | #250 | in_progress |
Biased
|
| 2026-01-13 00:00 | #246 | completed |
Biased
|
| 2026-01-12 00:00 | #243 | cancelled |
Biased
|
| 2026-01-11 00:00 | #240 | completed |
Biased
|
| 2026-01-10 00:00 | #237 | completed |
Biased
|
| 2026-01-09 00:34 | #234 | completed |
Biased
|
| 2026-01-08 00:53 | #231 | completed |
 Clean
|
| 2026-01-08 00:00 | #228 | cancelled |
Clean
|
| 2026-01-06 18:15 | #225 | cancelled |
Clean
|
| 2025-09-16 00:00 | #113 | completed |
Biased
|
| 2025-09-15 00:00 | #112 | completed |
Biased
|
| 2025-09-14 00:00 | #111 | completed |
Biased
|
| 2025-09-13 00:00 | #110 | completed |
Biased
|
| 2025-09-12 00:00 | #109 | completed |
Biased
|
| 2025-09-11 00:00 | #108 | completed |
Biased
|
| 2025-09-09 00:00 | #106 | completed |
Biased
|
| 2025-08-14 00:01 | #80 | cancelled |
Biased
|
| 2025-07-13 21:25 | #47 | cancelled |
Clean
|
| 2025-07-13 21:17 | #46 | cancelled |
Clean
|
| 2025-07-13 20:48 | #44 | cancelled |
Biased
|
| 2025-07-13 20:32 | #43 | cancelled |
Biased
|
| 2025-07-09 13:09 | #3 | cancelled |
Clean
|
| 2025-07-08 04:23 | #2 | cancelled |
Biased
|
Flagged Code Snippets
# This script requires an application registration that's granted Microsoft Graph API permission
# https://learn.microsoft.com/azure/active-directory-b2c/microsoft-graph-get-started
# Constants
$ClientID = "your-client-application-id-here" # Insert your application's client ID, a GUID
$ClientSecret = "your-client-application-secret-here" # Insert your application's client secret value
$tenantdomain = "your-b2c-tenant.onmicrosoft.com" # Insert your Azure AD B2C tenant domain name
$loginURL = "https://login.microsoftonline.com"
$resource = "https://graph.microsoft.com" # Microsoft Graph API resource URI
$7daysago = "{0:s}" -f (get-date).AddDays(-7) + "Z" # Use 'AddMinutes(-5)' to decrement minutes, for example
Write-Output "Searching for events starting $7daysago"
# Create HTTP header, get an OAuth2 access token based on client id, secret and tenant domain
$body = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID;client_secret=$ClientSecret}
$oauth = Invoke-RestMethod -Method Post -Uri $loginURL/$tenantdomain/oauth2/token?api-version=1.0 -Body $body
# Parse audit report items, save output to file(s): auditX.json, where X = 0 through n for number of nextLink pages
if ($oauth.access_token -ne $null) {
$i=0
$headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}
$url = "https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?`$filter=loggedByService eq 'B2C' and activityDateTime gt " + $7daysago
# loop through each query page (1 through n)
Do {
# display each event on the console window
Write-Output "Fetching data using Uri: $url"
$myReport = (Invoke-WebRequest -UseBasicParsing -Headers $headerParams -Uri $url)
foreach ($event in ($myReport.Content | ConvertFrom-Json).value) {
Write-Output ($event | ConvertTo-Json)
}
# save the query page to an output file
Write-Output "Save the output to a file audit$i.json"
$myReport.Content | Out-File -FilePath audit$i.json -Force
$url = ($myReport.Content | ConvertFrom-Json).'@odata.nextLink'
$i = $i+1
} while($url -ne $null)
} else {
Write-Host "ERROR: No Access Token"
}