I am trying to get some support from Microsoft because I am not seeing all the login data I see in the Azure AD Console via the O365 Module. They would like to know what URI the module is using for API calls and I am not seeing it listed, other than generically using manage.office.com.
Is that something someone could point me to, so I can use a Powershell script to test the audit data?
Some questions get more traction than others for different reasons.
But to answer your question, the O365 Module uses the Office 365 Management Activity API, which from Microsoft documentation uses the manage.office.com, that you already knew.
The module documentation also refers to the same endpoint, if you do not edit those configuration in your module it will use the default endpoint which is also manage.office.com, you can check it in the code.
So, the O365 uses the manage.office.com endpoint to collect data, there is no other URL for the API.
If you want to check further, the code for the input is here.
Thanks, I am sorry to be blunt, but I am trying to work with Microsoft to see why I am not getting all the login data via the Elastic Beat Module for O365. I used the Microsoft Management API and it is setup correctly from what I can see per documentation; however, I am missing out on Exchange Logins mostly.
Since we pay for support via them, I opened a ticket and wanted to see if they are shipping all relevant data and if I missed something on the oAuth App configure side. They would like me to get the API call URI so I can test output in Powershell, but I really do not know what you all are using. From your Code I guess I am not able to read it well enough.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.