Microsoft Graph Audit Logs

Microsoft Graph Audit Logs provide a unified, programmatic way to access and analyze activity and sign-in data from Microsoft Entra ID (Azure Active Directory) and related Microsoft 365 services. Through the Microsoft Graph API, you can query directory audit events (changes to users, groups, apps, roles, policies), user and app sign-in events (including details like time, location, device, conditional access outcome, and risk signals), and provisioning events (account lifecycle actions). This enables security monitoring, incident investigation, compliance reporting, and operational troubleshooting, with support for filtering, sorting, and time-bound queries. Retention periods and available fields depend on your tenants licensing and configuration, and the data can be exported or integrated into SIEM and automation workflows.