List privilegedOperationEvents

Retrieve a list of privilegedOperationEvent objects, which represent the audit events that are generated by Privileged Identity Management for the role operations. For the details about the audit event, refer privilegedOperationEvent. To filter the query results, use the standard OData $filter expression.

Prerequisites

The following scopes are required to execute this API: Directory.AccessAsUser.All

The requestor needs to have one of the following roles: Privileged Role Administrator, Global Administrator, Security Administrator, or Security Reader.

HTTP request

GET /privilegedOperationEvents

Optional query parameters

This method supports the OData Query Parameters to help customize the response.

Request headers

Name Description
Authorization Bearer {token}. Required.

Request body

Do not supply a request body for this method.

Response

If successful, this method returns a 200 OK response code and collection of privilegedOperationEvent objects in the response body.

Example

Request 1

Here is an example of the request.

GET https://graph.microsoft.com/beta/privilegedOperationEvents
Response 1

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-type: application/json
Content-length: 227

{
  "value": [
    {
      "id": "id-value",
      "userId": "userId-value",
      "userName": "userName-value",
      "userMail": "userMail-value",
      "roleId": "roleId-value",
      "roleName": "roleName-value"
    }
  ]
}
Request 2

Here is an example of the request using $filter to get the audit events that have requestType as Elevate.

GET https://graph.microsoft.com/beta/privilegedOperationEvents?$filter=requestType%20eq%20'Elevate'
Response 2

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-type: application/json
Content-length: 547

{
    "value": [
        {
            "id": "201605110001636551",
            "userId": "0f693614-c255-4cf5-92fa-74e770c656d8",
            "userName": "admin",
            "userMail": "admin@contoso.onmicrosoft.com",
            "roleId": "558dba2d-e536-4349-a983-dd73ec2be1f7",
            "roleName": "Security Administrator",
            "expirationDateTime": "2016-05-11T19:31:14.1157385Z",
            "creationDateTime": "2016-05-11T18:31:14.5013728Z",
            "requestorId": "0f693614-c255-4cf5-92fa-74e770c656d8",
            "requestorName": "admin",
            "tenantId": "ffffae8b-cc96-4325-9bd1-dc82594b0b40",
            "requestType": "Elevate",
            "additionalInformation": "elevate me"
        },
        {
            "id": "201605190001743860",
            "userId": "0f693614-c255-4cf5-92fa-74e770c656d8",
            "userName": "admin",
            "userMail": "admin@contoso.onmicrosoft.com",
            "roleId": "558dba2d-e536-4349-a983-dd73ec2be1f7",
            "roleName": "Security Administrator",
            "expirationDateTime": "2016-05-19T17:52:58.6019279Z",
            "creationDateTime": "2016-05-19T16:52:58.9475243Z",
            "requestorId": "ffff3614-c255-4cf5-92fa-74e770c656d8",
            "requestorName": "admin",
            "tenantId": "ffffae8b-cc96-4325-9bd1-dc82594b0b40",
            "requestType": "Elevate",
            "additionalInformation": "elevate me"
        }
    ]
}