# Activity Log - Export

**Author**: Melissa Coates  

**Last updated and tested**: August 22, 2022 

**Purpose:** This notebook exports data from the [Power BI activity log](https://docs.microsoft.com/en-us/power-bi/admin/service-admin-auditing).

**Type of authentication**: You can log in with either:

- A domain user account (which Power BI administrator permissions), or
- A service principal (with permission to run admin APIs)

**How data is being accessed:** The notebook uses:

- Power BI Management Module for authentication: Connect-PowerBIServiceAccount
- Power BI Management Module for extracting the activity log data: Get-PowerBIActivityEvent

**Type of script**: Interactive, ad hoc (non-scheduled). This notebook is a guided learning experience to get familiar with how to query the activity log. It's not production-ready. 

More information, including prerequisites, is included at the bottom of this notebook.

## **Log in to the Power BI Service**

* * *

**Input before executing:**

- **Type of authentication:** 
    - **Line 2 - Choice for type of auth:** Input either '**User**' or '**SP**' without the quotes. This tells the script whether or not to log in as a user or a service principal.
- **If using user authentication:**
    - **Line 3 - Email address:** Input the email address for the user. This user must be a Power BI administrator. MFA can't be enabled for this account.
- **If using service principal authentication:**
    - **Line 4 - Azure AD app ID**: Input the app ID (aka client ID). 
    - **Line 5 - Azure tenant ID**: Input the tenant ID (aka directory ID).

**Interactive prompts:**

The script will interactively prompt you for the sensitive information (because hard-coding of passwords and secrets isn't secure):

- **If using user authentication:**
    - It will ask for the user's password.
- **If using service principal authentication:**
    - It will ask for the app secret.

**Comments:**

- This script uses the PowerShell cmdlet: [<u>Connect-PowerBIServiceAccount</u>](https://docs.microsoft.com/en-us/powershell/module/microsoftpowerbimgmt.profile/connect-powerbiserviceaccount).
- After signing in, the access token is active for one hour.

In [None]:
#-----------------INPUT AREA-----------------
[string]$TypeOfAuth = 'User'  #Options: User or SP
[string]$DomainUserEmailAddr = 'user@domain.com'
[string]$AzureADAppID = '1234-1234'
[string]$AzureTenantID = '1234-1234'
#--------------------------------------------

if ($TypeOfAuth -eq 'User')
{
    Write-Verbose "Domain user authentication will be used." -Verbose
    [securestring]$DomainUserPW = Read-Host -Prompt "Input password for $DomainUserEmailAddr" -AsSecureString
    [pscredential]$CredentialObj = New-Object System.Management.Automation.PSCredential($DomainUserEmailAddr, $DomainUserPW)  
    Connect-PowerBIServiceAccount -Credential $CredentialObj
}
elseif ($TypeOfAuth -eq 'SP')
{
    Write-Verbose "Service principal authentication will be used." -Verbose
    [securestring]$AzureADAppSecret = Read-Host -Prompt "Input secret for $AzureADAppID" -AsSecureString
    [pscredential]$CredentialObj = New-Object System.Management.Automation.PSCredential($AzureADAppID, $AzureADAppSecret)  
    Connect-PowerBIServiceAccount -Credential $CredentialObj -ServicePrincipal -Tenant $AzureTenantID
}
else 
{
    Write-Verbose "There's a problem. The Type of Auth variable input was $TypeOfAuth. Expected values are User or SP." -Verbose
}

## **Export Activity Log: All Activities, All Users, Up To 30 Days Back**
---
## <span style="font-size: 14px;">This script will allow you to extract the raw data for all activity log data, for all users, up to a maximum of 30 days back. This is useful when you want to export the data so it can be viewed/used in other tools.</span>  

**Input before executing:**

- **Line 2: Number of days to extract:** Data up to 30 days in the past may be retrieved.
- **Line 3: Location where to export the files:** This folder must already exist.

**Comments**:

- **Cmdlet used:** This script uses the PowerShell cmdlet: [<u>Get-PowerBIActivityEvent</u>](https://docs.microsoft.com/en-us/powershell/module/microsoftpowerbimgmt.admin/get-powerbiactivityevent). 
- **One file per day:** It exports one JSON file per day (based on UTC time). Saving files, partitioned by day, is very useful when you want to store raw data over time. 
- **File name:** The format of the file name is: PBIActivityEvents-DateOfEvents-DateTimeDataWasExtracted.json - the suffix includes a datetime of when the extract was run is included so that if there are multiple files, you know which one is newer.
- **Loop through range of time:** The range of time is specified with the first variable. It counts backwards from yesterday to determine how many days it should loop through. A maximum of one day is allowed to be extracted at once from the cmdlet (and its underlying API). That's why the loop runs once per day. 
- **Range of days:** The range will conclude with yesterday (UTC time). Today is ignored to avoid having a partial day's worth of data in a file.
- **JSON file format:** The JSON format is used because, over time, new data elements will be introduced by Power BI. A flexible schema is necessary to accomodate that so that you don't miss new data. It is a best practice to store the raw data as-is, in an immutable location, so the data is reliable for auditing.
- **Messages**: The verbose messages are displayed so you know where the script is at.

In [None]:
#-----------------INPUT AREA-----------------
[int32]$NbrDaysDaysToExtract = 4  #Maximum is 30 days back
[string]$ExportFileLocation = 'C:\Power-BI-Raw-Data\Activity-Log'
#--------------------------------------------

[datetime]$YesterdayUTC = (([datetime]::Today.ToUniversalTime()).Date).AddDays(-1) #Begin with yesterday, rather than today, to ensure full day results are obtained
[string]$DateTimeFileWrittenUTCLabel = ([datetime]::Now.ToUniversalTime()).ToString("yyyyMMddHHmm")

#Loop through each of the days to be extracted (<Initilize> ; <Condition> ; <Repeat>):
for($Loop=0 ; $Loop -lt $NbrDaysDaysToExtract ; $Loop++)
{
    [datetime]$DateToExtractUTC=$YesterdayUTC.AddDays(-$Loop).ToString("yyyy-MM-dd")

    [string]$DateToExtractLabel=$DateToExtractUTC.ToString("yyyy-MM-dd")
    
    [string]$ExportFileName = 'PBIActivityEvents-' + ($DateToExtractLabel -replace '-', '') + '-' + $DateTimeFileWrittenUTCLabel + '.json' 

    [psobject]$Events=Get-PowerBIActivityEvent -StartDateTime ($DateToExtractLabel+'T00:00:00.000') -EndDateTime ($DateToExtractLabel+'T23:59:59.999')
  
    $Events | Out-File "$ExportFileLocation\$ExportFileName"

    Write-Verbose "File written: $ExportFileName" -Verbose 
}
Write-Verbose "Extract of Power BI activity events is complete." -Verbose 

## **More Information About This File**

* * *

## <span style="font-size:14px;">Prerequisites for running this script:</span>

- The [Power BI Management module](https://www.powershellgallery.com/packages/MicrosoftPowerBIMgmt) for PowerShell needs to be installed.
    
- The [.NET Interactive Notebooks](https://marketplace.visualstudio.com/items?itemName=ms-dotnettools.dotnet-interactive-vscode) extension needs to be installed and enabled in VS Code and/or Azure Data Studio.
    
- Either a user account with Power BI administrator permissions, or a service principal with permission to run admin APIs.
    

This script **interactively prompts** for the sensitive information to be passed into a credential object. Therefore, it's only useful for ad hoc purposes. A different technique is used for securely storing the credentials when a script is to be operationalized and scheduled.

The original / most recent version of this notebook can be found on Melissa Coates' [Power-BI-Admin repository in GitHub](https://github.com/sqlchick/Power-BI-Admin).