In this post, we will learn how to search Microsoft audit logs with PowerShell without accessing the administration portal.
Microsoft 365 audit logs are based on Exchange Online, and to access the audit logs, we need to use the Exchange Online PowerShell module. To access Exchange Online PowerShell, I will connect to Exchange Online using Cloud Shell.
Search Audit Logs
In the below example, I am going to search for all the audit logs for a user (enter the user’s email address or UPN) between two dates.
Search-UnifiedAuditLog -StartDate 1/12/2020 -EndDate 5/12/2020 -UserIds USEREMAILADDRESS | ft
The result will show all the entries from all the Microsoft 365 services.