View Audit Logs - Document Details

Bias Analysis

Bias Types:

⚠️ powershell_heavy

⚠️ missing_linux_example

⚠️ windows_tools

Summary:

The documentation provides only a PowerShell script example for programmatically accessing audit logs, with no equivalent example for Linux users (e.g., Bash/cURL). The script assumes use of PowerShell, which is traditionally a Windows tool, and there is no mention of Linux-native tools or cross-platform alternatives. This may disadvantage users on Linux or macOS platforms.

Recommendations:

Add a Bash/cURL example for querying the Microsoft Graph API to retrieve audit logs, demonstrating how to authenticate and paginate results.
Explicitly mention that PowerShell Core is cross-platform and can be used on Linux/macOS, or provide installation instructions for non-Windows users.
Where possible, provide both Windows (PowerShell) and Linux (Bash/cURL or Python) script examples side by side.
Reference Linux-native tools (e.g., jq for JSON processing) in the context of handling API responses.
Clarify in the documentation that the API can be accessed from any platform, not just Windows, and provide guidance for Linux users.

Create pull request

Scan History

Date	Scan ID	Status	Bias Status
2025-09-16 00:00	#113	completed	❌ Biased
2025-09-15 00:00	#112	completed	❌ Biased
2025-09-14 00:00	#111	completed	❌ Biased
2025-09-13 00:00	#110	completed	❌ Biased
2025-09-12 00:00	#109	completed	❌ Biased
2025-09-11 00:00	#108	completed	❌ Biased
2025-09-09 00:00	#106	completed	❌ Biased
2025-08-14 00:01	#80	in_progress	❌ Biased
2025-07-13 21:25	#47	cancelled	✅ Clean
2025-07-13 21:17	#46	cancelled	✅ Clean
2025-07-13 20:48	#44	cancelled	❌ Biased
2025-07-13 20:32	#43	cancelled	❌ Biased
2025-07-09 13:09	#3	cancelled	✅ Clean
2025-07-08 04:23	#2	cancelled	❌ Biased

Flagged Code Snippets

# This script requires an application registration that's granted Microsoft Graph API permission # https://learn.microsoft.com/azure/active-directory-b2c/microsoft-graph-get-started # Constants $ClientID = "your-client-application-id-here" # Insert your application's client ID, a GUID $ClientSecret = "your-client-application-secret-here" # Insert your application's client secret value $tenantdomain = "your-b2c-tenant.onmicrosoft.com" # Insert your Azure AD B2C tenant domain name $loginURL = "https://login.microsoftonline.com" $resource = "https://graph.microsoft.com" # Microsoft Graph API resource URI $7daysago = "{0:s}" -f (get-date).AddDays(-7) + "Z" # Use 'AddMinutes(-5)' to decrement minutes, for example Write-Output "Searching for events starting $7daysago" # Create HTTP header, get an OAuth2 access token based on client id, secret and tenant domain $body = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID;client_secret=$ClientSecret} $oauth = Invoke-RestMethod -Method Post -Uri $loginURL/$tenantdomain/oauth2/token?api-version=1.0 -Body $body # Parse audit report items, save output to file(s): auditX.json, where X = 0 through n for number of nextLink pages if ($oauth.access_token -ne $null) { $i=0 $headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"} $url = "https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?`$filter=loggedByService eq 'B2C' and activityDateTime gt " + $7daysago # loop through each query page (1 through n) Do { # display each event on the console window Write-Output "Fetching data using Uri: $url" $myReport = (Invoke-WebRequest -UseBasicParsing -Headers $headerParams -Uri $url) foreach ($event in ($myReport.Content | ConvertFrom-Json).value) { Write-Output ($event | ConvertTo-Json) } # save the query page to an output file Write-Output "Save the output to a file audit$i.json" $myReport.Content | Out-File -FilePath audit$i.json -Force $url = ($myReport.Content | ConvertFrom-Json).'@odata.nextLink' $i = $i+1 } while($url -ne $null) } else { Write-Host "ERROR: No Access Token" }

Document Details

About This Page

Bias Analysis

Scan History

Flagged Code Snippets