I suggest you ...

← Microsoft Graph Feature Requests

auditing

Graph API : How can we Audit mailbox access by Application Permission AD apps that have been granted admin consent. We are logging client-request-id, request-id, timestamp and x-ms-ags-diagnostic from the HTTP response headers of Graph but we have to reach microsoft to get details of these calls.

For an Azure AD/Office 365 admin, Graph API audit logs should be available in Security and Compliance section.

19 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Rohit Raghuvansi shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Julian Aymanns commented  ·   ·  Flag as inappropriate

    I strongly agree! This feature is a must-have for applications that have application Mail.Read access.

    Email access does not even show up in the audit logs when "MessageBind" is activated on the respective mailbox. Hence, affected client secrets could be abused without a trace.

Microsoft Graph Feature Requests: Calendar (Outlook)

Categories

Feedback and Knowledge Base

(thinking…)