Generate Microsoft 365 User Activity Reports with Graph PowerShell

Managing user activity in Microsoft 365 (M365) is crucial for administrators who need to ensure security, compliance, and efficient use of resources. While there isn't a direct Graph PowerShell cmdlet for this yet, you can directly use Graph API to access user activity data. This guide will walk you through the steps to generate these reports effectively.


Prerequisites

  • Graph PowerShell module installed (Microsoft.Graph).
  • Necessary Microsoft 365 admin role to access user activity reports.
  • Basic knowledge of PowerShell scripting.

Installing the Microsoft Graph PowerShell Module

If you haven't installed the Graph PowerShell module yet, you can do so by running:

Install-Module Microsoft.Graph -Scope CurrentUser


Connecting to Microsoft Graph

First, you need to connect to Microsoft Graph with the required Graph API permission "Reports.Read.All":

Connect-MgGraph -Scopes "Reports.Read.All"
You will be prompted to authenticate. Ensure you log in with an account that has sufficient permissions.


Understanding Invoke-MgGraphRequest

Invoke-MgGraphRequest Invoke-MgGraphRequest cmdlet is a versatile tool in the Microsoft Graph PowerShell module that allows you to make direct requests to the Microsoft Graph API. It supports various HTTP methods (GET, POST, PUT, DELETE) and lets you handle responses, including JSON and binary files. This cmdlet is particularly useful when specific operations are not covered by existing Graph PowerShell cmdlets, enabling you to perform advanced queries and custom API interactions.


Generating Detailed User Activity Reports

Instead of a direct cmdlet, you will use the Microsoft Graph API to fetch user activity reports. Here's how you can do it:

Fetching User Activity Data

Invoke-MgGraphRequest You can use Invoke-MgGraphRequest cmdlet to query Graph API for user activity data. For example, to get the last 7 days of user activity:

# Define the URL for the user activity report
$url = "https://graph.microsoft.com/v1.0/reports/getOffice365ActiveUserDetail(period='D7')"

# Define the output file path
$outputFilePath = "C:\path\to\user_activity_report.csv"

# Make the request to the Graph API and save the response to a file
Invoke-MgGraphRequest -Method GET -Uri $url -OutputFilePath $outputFilePath


Exporting and Analyzing the Report

Once you have the CSV file, you can load it into PowerShell for further analysis or export it to another format:

# Load the CSV file into a PowerShell object
$userActivityData = Import-Csv -Path "C:\path\to\user_activity_report.csv"

# Display the data
$userActivityData


Scheduling the Report Generation

To automate the report generation, you can schedule the script using Task Scheduler or a similar tool. Here’s an example script you can schedule:

$reportPath = "C:\path\to\user_activity_report.csv"
$url = "https://graph.microsoft.com/v1.0/reports/getOffice365ActiveUserDetail(period='D7')"

Invoke-MgGraphRequest -Method GET -Uri $url -OutputFilePath $reportPath
Save this script as a .ps1 file and set up a task in Task Scheduler to run it at your preferred interval.


Error Handling

When running these commands, you may encounter errors. Here are some common issues and how to resolve them:

  • Insufficient Permissions: Ensure you have the Reports.Read.All permission.
  • Authentication Issues: Verify that your account has the necessary permissions and try reconnecting using Connect-MgGraph.


Conclusion

Using Graph PowerShell, you can generate detailed user activity reports in Microsoft 365, helping you maintain security, compliance, and operational efficiency. By following the steps outlined in this guide, you can easily create, filter, and export these reports, and even automate their generation to save time. And always keep an eye on Microsoft.Graph.Reports API to understand how you can query for different Microsoft 365 reports and to stay updated with the latest advancements.


Frequently Asked Questions (FAQs)

Q: What permissions do I need to run these scripts?

A: You need the "Reports.Read.All" permission to access user activity reports using Graph PowerShell.

Q: Can I filter the report by specific activities?

A: Yes, you can use PowerShell's filtering capabilities (e.g., Where-Object) to focus on specific activities or users.

Q: How can I automate the report generation?

A: You can schedule the PowerShell script using Task Scheduler or another scheduling tool to run at regular intervals.

Q: What should I do if I encounter authentication issues?

A: Ensure your account has the necessary permissions and reconnect using Connect-MgGraph.

By leveraging these capabilities, you can effectively manage and monitor user activities in Microsoft 365, ensuring your organization's resources are used efficiently and securely. Happy scripting!


Related Articles:

Using Get-MgDirectoryRole in Graph PowerShell
Using Get-MgUserLicenseDetail in Graph PowerShell
Using Find-GraphMgCommand in Graph PowerShell
Connect to Microsoft 365 Using PowerShell
How to Create Bulk Users in Office 365 Using Graph PowerShell?
Create Microsoft 365 Group Using Microsoft Graph PowerShell
Block Microsoft 365 User Using Microsoft Graph PowerShell
Assign Microsoft 365 License Using Graph PowerShell
Microsoft 365 User Management Using Graph PowerShell
Checking Group Membership in Microsoft 365
Bulk Assign Microsoft 365 License
Find Inactive Users in Microsoft 365
Using Powershell Graph Search Query
Using Powershell Graph Filter Query
Using Where-Object In Graph PowerShell
Using Expand Property In Graph PowerShell
Using Select Object In Graph PowerShell
Using -Contains Operator In Graph PowerShell
Add User to Multiple Microsoft 365 Groups Using Graph PowerShell
Get Microsoft 365 User Location Using Graph PowerShell
Import Microsoft 365 Groups from CSV File Using Graph PowerShell
Microsoft 365 Group User Import Using Graph PowerShell

© m365corner.com. All Rights Reserved. Design by HTML Codex