
Export Admin Activity with PowerShell

Monitoring and exporting administrative activities in your Microsoft 365 environment is crucial for maintaining security and compliance. In this article, we will walk you through the process of exporting Microsoft 365 admin activities using PowerShell.

Prerequisites

Before getting started, ensure you meet the following prerequisites:

  1. Microsoft 365 PowerShell Modules: You need to install the Microsoft 365 PowerShell modules, including Exchange Online PowerShell V2 and Microsoft 365 Compliance Center.
  2. Authorized User Account: You must have a user account with sufficient permissions to view and export admin activities.

Step 1: Install and Import PowerShell Modules

The first step is to install and import the necessary PowerShell modules. Run the following commands:

If you want to export the resulting output, you will again need to run an export .ps1 script.

# Install the Exchange Online PowerShell V2 module
Install-Module -Name ExchangeOnlineManagement -Scope CurrentUser -Force

# The Microsoft 365 Compliance Center cmdlet (Connect-IPPSSession) ships in the
# same ExchangeOnlineManagement module, so no second install is needed

# Import the module
Import-Module ExchangeOnlineManagement





Step 2: Connect to Microsoft 365

After installing the modules, connect to your Microsoft 365 environment using the following commands:

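# Connect to Exchange Online
# Note: -Credential only works for accounts without MFA. For an MFA-enabled
# admin account, use -UserPrincipalName instead and sign in interactively.
$UserCredential = Get-Credential
Connect-ExchangeOnline -Credential $UserCredential

# Connect to Microsoft 365 Compliance Center
Connect-IPPSSession -Credential $UserCredential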





Step 3: Query Admin Activities

To query Microsoft 365 admin activities, use the Search-UnifiedAuditLog cmdlet. This cmdlet allows you to search for administrative activities across various Microsoft 365 services. To export the query results to a CSV file, use the Export-Csv cmdlet.

Here is an example query:

# Set the required parameters
$StartDate = (Get-Date).AddDays(-30) # Queries the last 30 days
$EndDate = Get-Date
$RecordTypes = @("ExchangeAdmin", "AzureActiveDirectory") # Admin activities

# Query the audit log for each RecordType and export it
foreach ($RecordType in $RecordTypes) {
    # 5000 is the maximum number of records a single call returns
    $AuditLogs = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -RecordType $RecordType -ResultSize 5000

    # Select the fields, including DisplayName, and export the results.
    # Search-UnifiedAuditLog does not return a DisplayName property, so that
    # column stays empty unless you populate it yourself.
    $AuditLogs | Select-Object -Property CreationDate, UserIds, Operations, AuditData, DisplayName | Export-Csv -Path "C:\AdminActivities_$RecordType.csv" -NoTypeInformation
}
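
The query above stops at 5000 records per call and leaves the event details packed inside the AuditData JSON string. The following is an added example, not part of the original article: it pages through the full result set with a search session and flattens AuditData into CSV columns. It assumes Connect-ExchangeOnline has already succeeded; the output path and the choice of columns are assumptions.

```powershell
# Added example: paged audit export with AuditData flattened into columns.
# Assumes an existing Connect-ExchangeOnline session.
$RecordType = 'ExchangeAdmin'
$OutFile    = Join-Path $env:TEMP "AdminActivities_$RecordType.csv"  # assumed path
$Search = @{
    StartDate      = (Get-Date).ToUniversalTime().AddDays(-30)  # audit times are UTC
    EndDate        = (Get-Date).ToUniversalTime()
    RecordType     = $RecordType
    SessionId      = [guid]::NewGuid().ToString()  # ties the pages of one search together
    SessionCommand = 'ReturnLargeSet'              # next page on each call, unsorted
    ResultSize     = 5000                          # maximum per call
}
$Seen  = [System.Collections.Generic.HashSet[string]]::new()
$Rows  = [System.Collections.Generic.List[object]]::new()
$Total = 0

do {
    $Page = @(Search-UnifiedAuditLog @Search)
    if ($Page.Count -gt 0) { $Total = $Page[0].ResultCount }

    foreach ($Record in $Page) {
        # Identity is the record's unique ID; skip duplicates across pages
        if (-not $Seen.Add([string]$Record.Identity)) { continue }

        # AuditData is a JSON string; these fields are part of the common audit schema
        $Data = $Record.AuditData | ConvertFrom-Json
        $Rows.Add([pscustomobject]@{
            CreationTimeUtc = $Data.CreationTime
            UserId          = $Data.UserId
            Operation       = $Data.Operation
            Workload        = $Data.Workload
            ResultStatus    = $Data.ResultStatus
            ObjectId        = $Data.ObjectId
            ClientIP        = $Data.ClientIP
            RecordId        = $Data.Id
        })
    }
} while ($Page.Count -gt 0)   # an empty page means the session is exhausted

# A single session returns at most 50,000 records; beyond that the export is incomplete
if ($Total -ge 50000) {
    Write-Warning 'Session limit reached; split the date range into smaller windows.'
}

$Rows | Sort-Object CreationTimeUtc |
    Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
"Exported $($Rows.Count) of $Total records to $OutFile"
```

Comparing the exported count with the reported total shows whether the export is complete before the CSV is used as evidence in a review.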





Conclusion

In this article, you learned how to export Microsoft 365 admin activities using PowerShell. By performing this task regularly, you can monitor admin activities and meet your security and compliance requirements.

For more customization or specific activities, refer to the documentation for the Search-UnifiedAuditLog cmdlet.
