Sample KQL queries for Azure Log Analytics against Office 365 audit logs and Azure AD Audit or Sign-in logs.
Getting started with Azure Log Analytics / Azure Sentinel
- Office 365 usage
- OneDrive user uploads
- Azure AD group creation
- Office 365 group creation initiated by
- SharePoint Online Site Creation
- SharePoint Online Sharing Content
- Users uploading Git repos
Note: We recommend installing the Azure Log Analytics / Kusto Syntax Highlighting extension for Visual Studio Code to easily view KQL queries.
Microsoft provides programming examples for illustration only, without warranty either expressed or implied, including, but not limited to, the implied warranties of merchantability and/or fitness for a particular purpose. We grant You a nonexclusive, royalty-free right to use and modify the Sample Code and to reproduce and distribute the object code form of the Sample Code, provided that You agree: (i) to not use Our name, logo, or trademarks to market Your software product in which the Sample Code is embedded; (ii) to include a valid copyright notice on Your software product in which the Sample Code is embedded; and (iii) to indemnify, hold harmless, and defend Us and Our suppliers from and against any claims or lawsuits, including attorneys' fees, that arise or result from the use or distribution of the Sample Code.