Microsoft Graph

Microsoft Graph Audit Logs

Microsoft Graph Audit Logs provide a unified, programmatic way to access and analyze activity and sign-in data from Microsoft Entra ID (Azure Active Directory) and related Microsoft 365 services. Through the Microsoft Graph API, you can query directory audit events (changes to users, groups, apps, roles, policies), user and app sign-in events (including details like time, location, device, conditional access outcome, and risk signals), and provisioning events (account lifecycle actions).

GitHub OpenAPI

Documentation

📖
Documentation
https://learn.microsoft.com/en-us/graph/api/resources/azure-ad-auditlog-overview?view=graph-rest-1.0

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/microsoft-graph/refs/heads/main/openapi/auditlogs-openapi-original.yml

OpenAPI Specification

auditlogs-openapi-original.yml Raw ↑ 
openapi: 3.1.0
info:
  title: Microsoft Graph Audit Logs API
  description: The Microsoft Graph Audit Logs API provides access to Microsoft Entra ID audit logs, including directory audits, sign-in logs, and provisioning logs. This enables monitoring and reviewing user activities, authentication events, and provisioning operations across your tenant.
  version: 1.0.0
  contact:
    name: Microsoft Graph Support
    url: https://developer.microsoft.com/graph
  license:
    name: Microsoft API License
    url: https://docs.microsoft.com/legal/microsoft-apis/terms-of-use
servers:
  - url: https://graph.microsoft.com/v1.0
    description: Microsoft Graph v1.0 endpoint
paths:
  /auditLogs:
    description: Provides operations to manage the auditLogRoot singleton.
    get:
      tags:
        - Audit Logs
      summary: Microsoft Graph Get auditLogs
      description: Performs GET operation on /auditLogs
      operationId: listAuditLogs
      parameters:
        - name: $select
          in: query
          description: Select properties to be returned
          style: form
          explode: false
          schema:
            uniqueItems: true
            type: array
            items:
              type: string
        - name: $expand
          in: query
          description: Expand related entities
          style: form
          explode: false
          schema:
            uniqueItems: true
            type: array
            items:
              type: string
      responses:
        2XX:
          description: Retrieved entity
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuditLogRoot'
              examples:
                AuditLogRootExample:
                  $ref: '#/components/examples/AuditLogRootExample'
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: 2XX
      x-ms-docs-operation-type: operation
    patch:
      tags:
        - Audit Logs
      summary: Microsoft Graph Update auditLogs
      description: Performs PATCH operation on /auditLogs
      operationId: updateAuditLogs
      requestBody:
        description: New property values
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AuditLogRoot'
            examples:
              AuditLogRootRequestExample:
                $ref: '#/components/examples/AuditLogRootRequestExample'
        required: true
      responses:
        2XX:
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuditLogRoot'
              examples:
                AuditLogRootExample:
                  $ref: '#/components/examples/AuditLogRootExample'
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: 2XX
      x-ms-docs-operation-type: operation
  /auditLogs/directoryAudits:
    description: Provides operations to manage the directoryAudits property of the microsoft.graph.auditLogRoot entity.
    get:
      tags:
        - Audit Logs Directory Audits
      summary: Microsoft Graph List directoryAudits
      description: Get the list of audit logs generated by Microsoft Entra ID. This includes audit logs generated by various services within Microsoft Entra ID, including user, app, device and group Management, privileged identity management (PIM), access reviews, terms of use, identity protection, password management (self-service and admin password resets), and self- service group management, and so on.
      operationId: listAuditLogsDirectoryAudits
      externalDocs:
        description: Find more info here
        url: https://learn.microsoft.com/graph/api/directoryaudit-list?view=graph-rest-1.0
      parameters:
        - $ref: '#/components/parameters/Top'
        - $ref: '#/components/parameters/Skip'
        - $ref: '#/components/parameters/Search'
        - $ref: '#/components/parameters/Filter'
        - $ref: '#/components/parameters/Count'
        - name: $orderby
          in: query
          description: Order items by property values
          style: form
          explode: false
          schema:
            uniqueItems: true
            type: array
            items:
              type: string
        - name: $select
          in: query
          description: Select properties to be returned
          style: form
          explode: false
          schema:
            uniqueItems: true
            type: array
            items:
              type: string
        - name: $expand
          in: query
          description: Expand related entities
          style: form
          explode: false
          schema:
            uniqueItems: true
            type: array
            items:
              type: string
      responses:
        2XX:
          $ref: '#/components/responses/DirectoryAuditCollectionResponse'
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: 2XX
      x-ms-pageable:
        nextLinkName: '@odata.nextLink'
        operationName: listMore
      x-ms-docs-operation-type: operation
    post:
      tags:
        - Audit Logs Directory Audits
      summary: Microsoft Graph Create Directory Audits
      description: Performs POST operation on /auditLogs/directoryAudits
      operationId: createAuditLogsDirectoryAudits
      requestBody:
        description: New navigation property
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/DirectoryAudit'
            examples:
              DirectoryAuditRequestExample:
                $ref: '#/components/examples/DirectoryAuditRequestExample'
        required: true
      responses:
        2XX:
          description: Created navigation property.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DirectoryAudit'
              examples:
                DirectoryAuditExample:
                  $ref: '#/components/examples/DirectoryAuditExample'
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: 2XX
      x-ms-docs-operation-type: operation
  /auditLogs/directoryAudits/{directoryAudit-id}:
    description: Provides operations to manage the directoryAudits property of the microsoft.graph.auditLogRoot entity.
    get:
      tags:
        - Audit Logs Directory Audits
      summary: Microsoft Graph Get directoryAudit
      description: Get a specific Microsoft Entra audit log item. This includes an audit log item generated by various services within Microsoft Entra ID like user, application, device and group management, privileged identity management (PIM), access reviews, terms of use, identity protection, password management (self-service and admin password resets), self-service group management, and so on.
      operationId: getAuditLogsDirectoryAudits
      externalDocs:
        description: Find more info here
        url: https://learn.microsoft.com/graph/api/directoryaudit-get?view=graph-rest-1.0
      parameters:
        - name: $select
          in: query
          description: Select properties to be returned
          style: form
          explode: false
          schema:
            uniqueItems: true
            type: array
            items:
              type: string
        - name: $expand
          in: query
          description: Expand related entities
          style: form
          explode: false
          schema:
            uniqueItems: true
            type: array
            items:
              type: string
      responses:
        2XX:
          description: Retrieved navigation property
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DirectoryAudit'
              examples:
                DirectoryAuditExample:
                  $ref: '#/components/examples/DirectoryAuditExample'
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: 2XX
      x-ms-docs-operation-type: operation
    patch:
      tags:
        - Audit Logs Directory Audits
      summary: Microsoft Graph Update Directory Audits
      description: Performs PATCH operation on /auditLogs/directoryAudits/{directoryAudit-id}
      operationId: updateAuditLogsDirectoryAudits
      requestBody:
        description: New navigation property values
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/DirectoryAudit'
            examples:
              DirectoryAuditRequestExample:
                $ref: '#/components/examples/DirectoryAuditRequestExample'
        required: true
      responses:
        2XX:
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DirectoryAudit'
              examples:
                DirectoryAuditExample:
                  $ref: '#/components/examples/DirectoryAuditExample'
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: 2XX
      x-ms-docs-operation-type: operation
    delete:
      tags:
        - Audit Logs Directory Audits
      summary: Microsoft Graph Delete Directory Audits
      description: Performs DELETE operation on /auditLogs/directoryAudits/{directoryAudit-id}
      operationId: deleteAuditLogsDirectoryAudits
      parameters:
        - name: If-Match
          in: header
          description: ETag
          schema:
            type: string
      responses:
        '204':
          description: Success
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: '204'
      x-ms-docs-operation-type: operation
    parameters:
      - name: directoryAudit-id
        in: path
        description: The unique identifier of directoryAudit
        required: true
        schema:
          type: string
        x-ms-docs-key-type: directoryAudit
  /auditLogs/directoryAudits/$count:
    description: Provides operations to count the resources in the collection.
    get:
      tags:
        - Audit Logs Directory Audits
      summary: Microsoft Graph Get the number of the resource
      description: Performs GET operation on /auditLogs/directoryAudits/$count
      operationId: countAuditLogsDirectoryAudits
      parameters:
        - $ref: '#/components/parameters/Search'
        - $ref: '#/components/parameters/Filter'
      responses:
        2XX:
          $ref: '#/components/responses/ODataCountResponse'
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: 2XX
  /auditLogs/provisioning:
    description: Provides operations to manage the provisioning property of the microsoft.graph.auditLogRoot entity.
    get:
      tags:
        - Audit Logs Provisioning
      summary: Microsoft Graph List provisioningObjectSummary
      description: 'Get all provisioning events that occurred in your tenant, such as the deletion of a group in a target application or the creation of a user when provisioning user accounts from your HR system. '
      operationId: provisionAuditLogsProvisioning
      externalDocs:
        description: Find more info here
        url: https://learn.microsoft.com/graph/api/provisioningobjectsummary-list?view=graph-rest-1.0
      parameters:
        - $ref: '#/components/parameters/Top'
        - $ref: '#/components/parameters/Skip'
        - $ref: '#/components/parameters/Search'
        - $ref: '#/components/parameters/Filter'
        - $ref: '#/components/parameters/Count'
        - name: $orderby
          in: query
          description: Order items by property values
          style: form
          explode: false
          schema:
            uniqueItems: true
            type: array
            items:
              type: string
        - name: $select
          in: query
          description: Select properties to be returned
          style: form
          explode: false
          schema:
            uniqueItems: true
            type: array
            items:
              type: string
        - name: $expand
          in: query
          description: Expand related entities
          style: form
          explode: false
          schema:
            uniqueItems: true
            type: array
            items:
              type: string
      responses:
        2XX:
          $ref: '#/components/responses/ProvisioningObjectSummaryCollectionResponse'
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: 2XX
      x-ms-pageable:
        nextLinkName: '@odata.nextLink'
        operationName: listMore
      x-ms-docs-operation-type: operation
    post:
      tags:
        - Audit Logs Provisioning
      summary: Microsoft Graph Create Provisioning
      description: Performs POST operation on /auditLogs/provisioning
      operationId: provisionAuditLogsProvisioning1
      requestBody:
        description: New navigation property
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ProvisioningObjectSummary'
            examples:
              ProvisioningObjectSummaryRequestExample:
                $ref: '#/components/examples/ProvisioningObjectSummaryRequestExample'
        required: true
      responses:
        2XX:
          description: Created navigation property.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ProvisioningObjectSummary'
              examples:
                ProvisioningObjectSummaryExample:
                  $ref: '#/components/examples/ProvisioningObjectSummaryExample'
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: 2XX
      x-ms-docs-operation-type: operation
  /auditLogs/provisioning/{provisioningObjectSummary-id}:
    description: Provides operations to manage the provisioning property of the microsoft.graph.auditLogRoot entity.
    get:
      tags:
        - Audit Logs Provisioning
      summary: Microsoft Graph Get provisioning from auditLogs
      description: Performs GET operation on /auditLogs/provisioning/{provisioningObjectSummary-id}
      operationId: provisionAuditLogsProvisioning2
      parameters:
        - name: $select
          in: query
          description: Select properties to be returned
          style: form
          explode: false
          schema:
            uniqueItems: true
            type: array
            items:
              type: string
        - name: $expand
          in: query
          description: Expand related entities
          style: form
          explode: false
          schema:
            uniqueItems: true
            type: array
            items:
              type: string
      responses:
        2XX:
          description: Retrieved navigation property
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ProvisioningObjectSummary'
              examples:
                ProvisioningObjectSummaryExample:
                  $ref: '#/components/examples/ProvisioningObjectSummaryExample'
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: 2XX
      x-ms-docs-operation-type: operation
    patch:
      tags:
        - Audit Logs Provisioning
      summary: Microsoft Graph Update Provisioning
      description: Performs PATCH operation on /auditLogs/provisioning/{provisioningObjectSummary-id}
      operationId: provisionAuditLogsProvisioning3
      requestBody:
        description: New navigation property values
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ProvisioningObjectSummary'
            examples:
              ProvisioningObjectSummaryRequestExample:
                $ref: '#/components/examples/ProvisioningObjectSummaryRequestExample'
        required: true
      responses:
        2XX:
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ProvisioningObjectSummary'
              examples:
                ProvisioningObjectSummaryExample:
                  $ref: '#/components/examples/ProvisioningObjectSummaryExample'
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: 2XX
      x-ms-docs-operation-type: operation
    delete:
      tags:
        - Audit Logs Provisioning
      summary: Microsoft Graph Delete Provisioning
      description: Performs DELETE operation on /auditLogs/provisioning/{provisioningObjectSummary-id}
      operationId: provisionAuditLogsProvisioning4
      parameters:
        - name: If-Match
          in: header
          description: ETag
          schema:
            type: string
      responses:
        '204':
          description: Success
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: '204'
      x-ms-docs-operation-type: operation
    parameters:
      - name: provisioningObjectSummary-id
        in: path
        description: The unique identifier of provisioningObjectSummary
        required: true
        schema:
          type: string
        x-ms-docs-key-type: provisioningObjectSummary
  /auditLogs/provisioning/$count:
    description: Provides operations to count the resources in the collection.
    get:
      tags:
        - Audit Logs Provisioning
      summary: Microsoft Graph Get the number of the resource
      description: Performs GET operation on /auditLogs/provisioning/$count
      operationId: provisionAuditLogsProvisioning5
      parameters:
        - $ref: '#/components/parameters/Search'
        - $ref: '#/components/parameters/Filter'
      responses:
        2XX:
          $ref: '#/components/responses/ODataCountResponse'
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: 2XX
  /auditLogs/signIns:
    description: Provides operations to manage the signIns property of the microsoft.graph.auditLogRoot entity.
    get:
      tags:
        - Audit Logs Sign Ins
      summary: Microsoft Graph List signIns
      description: Retrieve the Microsoft Entra user sign-ins for your tenant. Sign-ins that are interactive in nature (where a username/password is passed as part of auth token) and successful federated sign-ins are currently included in the sign-in logs.  The maximum and default page size is 1,000 objects and by default, the most recent sign-ins are returned first. Only sign-in events that occurred within the Microsoft Entra ID default retention period are available.
      operationId: listAuditLogsSignIns
      externalDocs:
        description: Find more info here
        url: https://learn.microsoft.com/graph/api/signin-list?view=graph-rest-1.0
      parameters:
        - $ref: '#/components/parameters/Top'
        - $ref: '#/components/parameters/Skip'
        - $ref: '#/components/parameters/Search'
        - $ref: '#/components/parameters/Filter'
        - $ref: '#/components/parameters/Count'
        - name: $orderby
          in: query
          description: Order items by property values
          style: form
          explode: false
          schema:
            uniqueItems: true
            type: array
            items:
              type: string
        - name: $select
          in: query
          description: Select properties to be returned
          style: form
          explode: false
          schema:
            uniqueItems: true
            type: array
            items:
              type: string
        - name: $expand
          in: query
          description: Expand related entities
          style: form
          explode: false
          schema:
            uniqueItems: true
            type: array
            items:
              type: string
      responses:
        2XX:
          $ref: '#/components/responses/SignInCollectionResponse'
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: 2XX
      x-ms-pageable:
        nextLinkName: '@odata.nextLink'
        operationName: listMore
      x-ms-docs-operation-type: operation
    post:
      tags:
        - Audit Logs Sign Ins
      summary: Microsoft Graph Create Sign Ins
      description: Performs POST operation on /auditLogs/signIns
      operationId: createAuditLogsSignIns
      requestBody:
        description: New navigation property
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SignIn'
            examples:
              SignInRequestExample:
                $ref: '#/components/examples/SignInRequestExample'
        required: true
      responses:
        2XX:
          description: Created navigation property.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SignIn'
              examples:
                SignInExample:
                  $ref: '#/components/examples/SignInExample'
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: 2XX
      x-ms-docs-operation-type: operation
  /auditLogs/signIns/{signIn-id}:
    description: Provides operations to manage the signIns property of the microsoft.graph.auditLogRoot entity.
    get:
      tags:
        - Audit Logs Sign Ins
      summary: Microsoft Graph Get signIn
      description: Retrieve a specific Microsoft Entra user sign-in event for your tenant. Sign-ins that are interactive in nature (where a username/password is passed as part of auth token) and successful federated sign-ins are currently included in the sign-in logs.
      operationId: getAuditLogsSignIns
      externalDocs:
        description: Find more info here
        url: https://learn.microsoft.com/graph/api/signin-get?view=graph-rest-1.0
      parameters:
        - name: $select
          in: query
          description: Select properties to be returned
          style: form
          explode: false
          schema:
            uniqueItems: true
            type: array
            items:
              type: string
        - name: $expand
          in: query
          description: Expand related entities
          style: form
          explode: false
          schema:
            uniqueItems: true
            type: array
            items:
              type: string
      responses:
        2XX:
          description: Retrieved navigation property
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SignIn'
              examples:
                SignInExample:
                  $ref: '#/components/examples/SignInExample'
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: 2XX
      x-ms-docs-operation-type: operation
    patch:
      tags:
        - Audit Logs Sign Ins
      summary: Microsoft Graph Update Sign Ins
      description: Performs PATCH operation on /auditLogs/signIns/{signIn-id}
      operationId: updateAuditLogsSignIns
      requestBody:
        description: New navigation property values
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SignIn'
            examples:
              SignInRequestExample:
                $ref: '#/components/examples/SignInRequestExample'
        required: true
      responses:
        2XX:
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SignIn'
              examples:
                SignInExample:
                  $ref: '#/components/examples/SignInExample'
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: 2XX
      x-ms-docs-operation-type: operation
    delete:
      tags:
        - Audit Logs Sign Ins
      summary: Microsoft Graph Delete Sign Ins
      description: Performs DELETE operation on /auditLogs/signIns/{signIn-id}
      operationId: deleteAuditLogsSignIns
      parameters:
        - name: If-Match
          in: header
          description: ETag
          schema:
            type: string
      responses:
        '204':
          description: Success
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: '204'
      x-ms-docs-operation-type: operation
    parameters:
      - name: signIn-id
        in: path
        description: The unique identifier of signIn
        required: true
        schema:
          type: string
        x-ms-docs-key-type: signIn
  /auditLogs/signIns/$count:
    description: Provides operations to count the resources in the collection.
    get:
      tags:
        - Audit Logs Sign Ins
      summary: Microsoft Graph Get the number of the resource
      description: Performs GET operation on /auditLogs/signIns/$count
      operationId: countAuditLogsSignIns
      parameters:
        - $ref: '#/components/parameters/Search'
        - $ref: '#/components/parameters/Filter'
      responses:
        2XX:
          $ref: '#/components/responses/ODataCountResponse'
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: 2XX
  /auditLogs/signIns/confirmCompromised:
    description: Provides operations to call the confirmCompromised method.
    post:
      tags:
        - Audit Logs Sign Ins
      summary: Microsoft Graph Create Confirm Compromised
      description: Mark an event in the Microsoft Entra sign-in logs as risky. Events marked as risky by an admin are immediately flagged as high risk in Microsoft Entra ID Protection, overriding previous risk states. Admins can confirm that events flagged as risky by Microsoft Entra ID Protection are in fact risky. For details about investigating Identity Protection risks, see How to investigate risk.
      operationId: confirmCompromisedAuditLogsSignIns
      externalDocs:
        description: Find more info here
        url: https://learn.microsoft.com/graph/api/signin-confirmcompromised?view=graph-rest-1.0
      requestBody:
        description: Action parameters
        content:
          application/json:
            schema:
              type: object
              properties:
                requestIds:
                  type: array
                  items:
                    type: string
                    nullable: true
            examples:
              confirmCompromisedAuditLogsSignInsRequestExample:
                $ref: '#/components/examples/confirmCompromisedAuditLogsSignInsRequestExample'
        required: true
      responses:
        '204':
          description: Success
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: '204'
      x-ms-docs-operation-type: action
  /auditLogs/signIns/confirmSafe:
    description: Provides operations to call the confirmSafe method.
    post:
      tags:
        - Audit Logs Sign Ins
      summary: Microsoft Graph Create Confirm Safe
      description: Mark an event in Microsoft Entra sign-in logs as safe. Admins can either mark the events flagged as risky by Microsoft Entra ID Protection as safe, or they can mark unflagged events as safe. For details about investigating Identity Protection risks, see How to investigate risk.
      operationId: confirmSafeAuditLogsSignIns
      externalDocs:
        description: Find more info here
        url: https://learn.microsoft.com/graph/api/signin-confirmsafe?view=graph-rest-1.0
      requestBody:
        description: Action parameters
        content:
          application/json:
            schema:
              type: object
              properties:
                requestIds:
                  type: array
                  items:
                    type: string
                    nullable: true
            examples:
              confirmSafeAuditLogsSignInsRequestExample:
                $ref: '#/components/examples/confirmSafeAuditLogsSignInsRequestExample'
        required: true
      responses:
        '204':
          description: Success
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: '204'
      x-ms-docs-operation-type: action
  /auditLogs/signIns/dismiss:
    description: Provides operations to call the dismiss method.
    post:
      tags:
        - Audit Logs Sign Ins
      summary: Microsoft Graph Create Dismiss
      description: Mark an event in Microsoft Entra sign-in logs as dismissed. For details about investigating Identity Protection risks, see How to investigate risk.
      operationId: dismissAuditLogsSignIns
      externalDocs:
        description: Find more info here
        url: https://learn.microsoft.com/graph/api/signin-dismiss?view=graph-rest-1.0
      requestBody:
        description: Action parameters
        content:
          application/json:
            schema:
              type: object
              properties:
                requestIds:
                  type: array
                  items:
                    type: string
                    nullable: true
            examples:
              dismissAuditLogsSignInsRequestExample:
                $ref: '#/components/examples/dismissAuditLogsSignInsRequestExample'
        required: true
      responses:
        '204':
          description: Success
        4XX:
          $ref: '#/components/responses/error'
        5XX:
          $ref: '#/components/responses/error'
      x-microcks-operation:
        delay: 100
        dispatcher: FALLBACK
        dispatcherRules: '204'
      x-ms-docs-operation-type: action
tags:
  - name: Audit Logs
    description: Operations for accessing audit log data
  - name: Audit Lo

# --- truncated at 32 KB (56 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/microsoft-graph/refs/heads/main/openapi/auditlogs-openapi-original.yml