Document Details
View Audit Logs
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Detected Bias Types
powershell_heavy
missing_linux_example
windows_tools
windows_first
Summary
The documentation page demonstrates a Windows bias by providing only a PowerShell script for programmatic access to audit logs, with no equivalent example for Linux or cross-platform environments (such as Bash/cURL or Python). The script assumes use of PowerShell and Windows-centric tooling, and the Azure Cloud Shell reference implicitly favors PowerShell. There is no mention of Linux-native tools or cross-platform scripting approaches, nor are Linux examples provided alongside the Windows/PowerShell example.
Recommendations
- Provide a Bash/cURL example for accessing the Microsoft Graph API to retrieve audit logs, suitable for Linux and macOS users.
- Include a Python script example, which is cross-platform and widely used for automation.
- Explicitly mention that the API can be accessed from any OS, and link to relevant SDKs or CLI tools (e.g., Microsoft Graph CLI, Azure CLI) that work on Linux.
- When presenting scripts, offer both Windows (PowerShell) and Linux (Bash/cURL or Python) versions side by side.
- Avoid language that implies PowerShell is the only or primary way to automate these tasks.
Create Pull Request
Scan History
| Date | Scan | Status | Result |
|---|---|---|---|
| 2026-01-14 00:00 | #250 | in_progress |
Biased
|
| 2026-01-13 00:00 | #246 | completed |
Biased
|
| 2026-01-12 00:00 | #243 | cancelled |
Biased
|
| 2026-01-11 00:00 | #240 | completed |
Biased
|
| 2026-01-10 00:00 | #237 | completed |
Biased
|
| 2026-01-09 00:34 | #234 | completed |
Biased
|
| 2026-01-08 00:53 | #231 | completed |
 Clean
|
| 2026-01-08 00:00 | #228 | cancelled |
Clean
|
| 2026-01-06 18:15 | #225 | cancelled |
Clean
|
| 2025-09-16 00:00 | #113 | completed |
Biased
|
| 2025-09-15 00:00 | #112 | completed |
Biased
|
| 2025-09-14 00:00 | #111 | completed |
Biased
|
| 2025-09-13 00:00 | #110 | completed |
Biased
|
| 2025-09-12 00:00 | #109 | completed |
Biased
|
| 2025-09-11 00:00 | #108 | completed |
Biased
|
| 2025-09-09 00:00 | #106 | completed |
Biased
|
| 2025-08-14 00:01 | #80 | cancelled |
Biased
|
| 2025-07-13 21:25 | #47 | cancelled |
Clean
|
| 2025-07-13 21:17 | #46 | cancelled |
Clean
|
| 2025-07-13 20:48 | #44 | cancelled |
Biased
|
| 2025-07-13 20:32 | #43 | cancelled |
Biased
|
| 2025-07-09 13:09 | #3 | cancelled |
Clean
|
| 2025-07-08 04:23 | #2 | cancelled |
Biased
|
Flagged Code Snippets
# This script requires an application registration that's granted Microsoft Graph API permission
# https://learn.microsoft.com/azure/active-directory-b2c/microsoft-graph-get-started
# Constants
$ClientID = "your-client-application-id-here" # Insert your application's client ID, a GUID
$ClientSecret = "your-client-application-secret-here" # Insert your application's client secret value
$tenantdomain = "your-b2c-tenant.onmicrosoft.com" # Insert your Azure AD B2C tenant domain name
$loginURL = "https://login.microsoftonline.com"
$resource = "https://graph.microsoft.com" # Microsoft Graph API resource URI
$7daysago = "{0:s}" -f (get-date).AddDays(-7) + "Z" # Use 'AddMinutes(-5)' to decrement minutes, for example
Write-Output "Searching for events starting $7daysago"
# Create HTTP header, get an OAuth2 access token based on client id, secret and tenant domain
$body = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID;client_secret=$ClientSecret}
$oauth = Invoke-RestMethod -Method Post -Uri $loginURL/$tenantdomain/oauth2/token?api-version=1.0 -Body $body
# Parse audit report items, save output to file(s): auditX.json, where X = 0 through n for number of nextLink pages
if ($oauth.access_token -ne $null) {
$i=0
$headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}
$url = "https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?`$filter=loggedByService eq 'B2C' and activityDateTime gt " + $7daysago
# loop through each query page (1 through n)
Do {
# display each event on the console window
Write-Output "Fetching data using Uri: $url"
$myReport = (Invoke-WebRequest -UseBasicParsing -Headers $headerParams -Uri $url)
foreach ($event in ($myReport.Content | ConvertFrom-Json).value) {
Write-Output ($event | ConvertTo-Json)
}
# save the query page to an output file
Write-Output "Save the output to a file audit$i.json"
$myReport.Content | Out-File -FilePath audit$i.json -Force
$url = ($myReport.Content | ConvertFrom-Json).'@odata.nextLink'
$i = $i+1
} while($url -ne $null)
} else {
Write-Host "ERROR: No Access Token"
}