petepuu/coekit-auditlogsync-v3

CoE Starter Kit Audit Logs Sync Flow V3

This is another option for the CoE Starter Kit Audit Logs Sync flow, using the new Audit Log Query Graph API (preview). The current V2 sync flow uses the old Office 365 Management API, which does not let us define which events we want to query from the audit log. That causes performance and throttling issues, especially in large, busy tenants. With the Graph API we can query only the events we need, which reduces the number of Power Platform requests needed to process the events.

https://learn.microsoft.com/en-us/graph/api/security-auditcoreroot-list-auditlogqueries?view=graph-rest-beta&tabs=http

Installation and configuration

Download the latest version of the solution and, using the CoE Kit service account, import it into the same environment where the CoE Kit Core Components are installed.

  1. Update the permissions of the Entra ID app registration to use the AuditLogsQuery.Read.All application permission and grant consent. If you have not yet created an Entra ID application for this, follow the official CoE Kit instructions for creating one: https://learn.microsoft.com/en-us/power-platform/guidance/coe/setup-auditlog-http#create-a-microsoft-entra-app-registration-for-the-office-365-management-api

  2. If you have been using the current Admin | Audit Logs | Sync Audit Logs (V2) flow, stop that flow in the Center of Excellence - Core Components solution

  3. Make sure that the Admin | Audit Logs | Update Data (V2) flow is turned on

  4. Update the Audit Logs - Audience environment variable, using the CoE Admin Command Center or the Default solution, to the Graph API URL: https://graph.microsoft.com

  5. If you have not configured Audit Logs sync before, set Audit Logs - ClientID and Audit Logs - Client Secret, or Audit Logs - Client Azure Secret if the secret is stored in Azure Key Vault

  6. Browse to the Audit Logs Sync V3 solution and open the Admin | Audit Logs | Sync Audit Logs (V3) flow details page

  7. The flow runs every 6 hours by default, querying the last 6 hours of LaunchedApp, DeleteApp and DeleteFlow events. If you want to change the frequency, change the interval of the trigger and also change the time window that the flow queries; otherwise move to the next step

  8. Turn on the flow

  9. Run the flow
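The reason step 7 ties the trigger interval to the queried time, shown as an added example that is not part of this repository or of the flow itself: it builds the request body for one run and lists the periods that no run would query when the two values differ. It assumes the `filterStartDateTime`, `filterEndDateTime` and `operationFilters` fields of the Graph beta audit log query resource linked above; the function names and the display name are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Endpoint from the Graph beta documentation linked in this README.
QUERIES_URL = "https://graph.microsoft.com/beta/security/auditLog/queries"
# Operations the V3 flow queries by default, as listed in step 7.
OPERATIONS = ["LaunchedApp", "DeleteApp", "DeleteFlow"]


def _iso(ts):
    """Format a timezone-aware datetime as a UTC ISO 8601 timestamp."""
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_audit_query(run_time, lookback_hours=6, operations=OPERATIONS):
    """Return the JSON body to POST to QUERIES_URL for one run."""
    if run_time.tzinfo is None:
        raise ValueError("run_time must be timezone-aware")
    if lookback_hours <= 0:
        raise ValueError("lookback_hours must be positive")
    start = run_time - timedelta(hours=lookback_hours)
    return {
        "displayName": f"CoE audit sync {_iso(start)}",  # hypothetical name
        "filterStartDateTime": _iso(start),
        "filterEndDateTime": _iso(run_time),
        "operationFilters": list(operations),  # only the events we need
    }


def uncovered_gaps(first_run, runs, interval_hours, lookback_hours):
    """List (start, end) periods that no run queries.

    A gap appears whenever the trigger interval is longer than the
    period each run looks back, so events in between are never synced.
    """
    gaps, prev_end = [], None
    for i in range(runs):
        run_time = first_run + timedelta(hours=i * interval_hours)
        body = build_audit_query(run_time, lookback_hours)
        # Fixed-width UTC timestamps compare correctly as strings.
        if prev_end is not None and body["filterStartDateTime"] > prev_end:
            gaps.append((prev_end, body["filterStartDateTime"]))
        prev_end = body["filterEndDateTime"]
    return gaps
```

With the default 6 hour interval and 6 hour lookback the list is empty; a 12 hour interval with the lookback left at 6 hours leaves a 6 hour hole between consecutive runs.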
