Cli-microsoft365: New command: tenant auditlog report

Created on 26 Jul 2020 · 20 comments · Source: pnp/cli-microsoft365

Usage

tenant auditlog report [options]

Description

Gets audit logs from the Office 365 Management API

Options

| Option | Description |
| ----------------------- | ----------------------------------------- |
| -c, --contentType <contentType> | Audit content type of logs to be retrieved, should be one of the following: AzureActiveDirectory, Exchange, SharePoint, General, DLP. |
| -s, --startTime [startTime] | Start time of logs to be retrieved. Start time and end time must be less than or equal to 24 hours apart. Start time is mandatory if End time is specified. |
| -e, --endTime [endTime] | End time of logs to be retrieved. Start time and end time must be less than or equal to 24 hours apart. If End time is not specified, command will assume the End time to be 24 hours from the specified Start time. |
| -o, --output [output] | Output type: json, text. Default: text |
| --verbose | Runs command with verbose logging |
| --debug | Runs command with debug logging |

Additional Information

For more information and implementation details see Get-PnPUnifiedAuditLog

Labels: new feature, work in progress


All 20 comments

Hi @rabwill

I'd like to work on it.

All yours @dips365. Thank you

What is the idea behind the byPassCheck option @rabwill?

Also, is there a specific reason we offer here the outputFile option rather than allowing users to simply redirect the output to a file using > file.txt?

> What is the idea behind the byPassCheck option @rabwill?

Hey @waldekmastykarz, I guess this may not be needed for the command. I found the spec here in the PnP doco, should we remove it?

> Also, is there a specific reason we offer here the outputFile option rather than allowing users to simply redirect the output to a file using > file.txt?

Hey @waldekmastykarz, consistency with this command spec here? tenant report serviceCounts

> Hey @waldekmastykarz, I guess this may not be needed for the command. I found the spec here in the PnP doco, should we remove it?

Yes, let's remove byPassCheck from this and other similar specs.

> Hey @waldekmastykarz, consistency with this command spec here? tenant report serviceCounts

Got it. I think we needed it in the past to properly support immersive mode which didn't support redirecting output to files. Since we're about to move to v3 which doesn't use the immersive mode, we could skip this and remove outputFile in tenant report servicecounts. What do you think?

Makes perfect sense to remove @waldekmastykarz! Thanks for checking it. Also need to make a note to remove it from those commands as an issue.
Spec updated @dips365, we don't need the two options bypassCheck and outputFile.

Hey @dips365, just checking in if you are still working on this command?
Do let us know if you have any blockers or a question, thanks for your time

Setting as free for picking up due to lack of response

Hello @waldekmastykarz / @rabwill - I guess I can take a stab at this if no one is working on that.

All yours @arjunumenon and thank you

Hey @arjunumenon, are you still working on this?

Hey @waldekmastykarz, I had started looking into this 2 weeks back. Then I had to keep this on temporary hold due to my hectic schedule. I had plans to commence the dev this week. You asked right on time. The blame is on me, I should have kept you updated.

I have started back on this and should keep you informed soon about the development. Sorry for keeping you in wait mode.

Don't worry about it @arjunumenon. No harm done.

Hello @waldekmastykarz / @rabwill - I am forced to be back with a couple of questions (_probably a lot_) which would need your guidance / suggestion.

Default Content Type - SharePoint?

  • When I checked the code base of PnP PowerShell, I see that the default is kept as SharePoint if the user has not specified any.
  • Will we be following the same convention in CLI as well? Can you guide please.

Multiple REST Calls - Confirmation on the approach

As per the Management API Documentation, following is the approach which needs to be executed for us to get the result

  1. Check the subscription list
  2. Start Subscription if the subscription for the Content Type does not exist.
  3. Get the list of Content URL by Listing Available Content
  4. Retrieving the content based on the Content URL returned from Step 3

This seems to be the approach for getting the Audit Log based on the documentation. Can you have a quick look and see if there is anything I am missing / overdoing?

Repeated REST Calls - Any reference or Best Practice

As mentioned in Step 4 above, there are going to be repeated REST calls since the data would reside on multiple Content URIs.
Do we have another command / area where we have implemented a similar approach, so that I can continue the standard without reinventing the wheel? _I might be asking too much since it would be difficult even for you guys to remember that. Thought I would give it a try._

I executed the REST API against one of the busy tenants and got up to 200 result URLs. So this means that to get the complete result we need to execute it up to 200 times. Do you see any challenges with respect to timeouts occurring here?
The API does have inbuilt pagination. But according to this FAQ article, it is pretty rare.

Text Output

The result schema is different for each Content Type. Following is how it looks.

Content Type - SharePoint

[image: SharePoint result schema]

Content Type - ActiveDirectory

[image: ActiveDirectory result schema]

Do you have any recommendation on the fields we should return? Following is something I thought of. Any suggestion is highly appreciated.

| Workload | Operation | ClientIP | User |
| -- | -- | -- | -- |
| SharePoint | ManagedSyncClientAllowed | 174.108.51.233 | [email protected] |
| SharePoint | ManagedSyncClientAllowed | 165.225.60.63 | [email protected] |

The assumption is that JSON would be returned as-is without us modifying the result. Is my assumption correct?

I am sorry you guys had to go through a lot of questions. Pardon me for that. But I thought I would get your guidance before we go ahead with the implementation.

Thanks.

> Default Content Type - SharePoint?

I'd say let's leave it empty and define it as a required value. If we see over time that people use a particular type of content a lot, we can define it as the default value.

> Multiple REST Calls - Confirmation on the approach

I think you've got everything.

> Repeated REST Calls - Any reference or Best Practice

I don't think there is any timeout on command execution as it's a process that could theoretically run forever. To speed things up, we could try to split the requests in blocks of 5 or 10 and then execute them in parallel through Promise.all. I don't know any command that would do something similar off the top of my head, but if you search for Promise.all you could find something that's helpful.

> Text Output

I like your proposal. I'd add the timestamp to it.

JSON would indeed return the output as-is.

These are all very good questions and I'm glad you asked them. Please, never hesitate to reach out or ask as clarifying things upfront will save us roundtrips afterwards.
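The following is an added example and not code from cli-microsoft365 or from either commenter. It implements the four steps listed in the question above (check the subscription list, start the subscription if missing, list the available content, retrieve each content URI), batches the content downloads through Promise.all in blocks as suggested in the reply, follows NextPageUri pagination, enforces the 24-hour window rule from the option table, and projects each record onto the proposed text columns with the timestamp added. The endpoint paths under `https://manage.office.com/api/v1.0/{tenantId}/activity/feed`, the `Audit.*` / `DLP.All` subscription names and the `NextPageUri` header come from the Office 365 Management Activity API documentation rather than from this thread; `tenant-placeholder`, the `example.invalid` blob URLs and the audit records served by `makeFakeTenant` are constructed so the flow runs offline. Authentication is left out: a real call needs a bearer token for the manage.office.com resource, which the injected fetch wrapper would add.

```typescript
// Added example (not cli-microsoft365 code): the four-step Management Activity API flow
// from the thread, with blob downloads batched through Promise.all. The HTTP layer is
// injected so the flow can be exercised offline against a constructed fake tenant.
type Json = any;
type FetchFn = (url: string, init?: { method?: string }) =>
  Promise<{ ok: boolean; status: number; headers: { get(name: string): string | null }; json(): Promise<Json> }>;

// Content types from the command spec, mapped to the API's subscription names.
const CONTENT_TYPES: Record<string, string> = {
  AzureActiveDirectory: 'Audit.AzureActiveDirectory', Exchange: 'Audit.Exchange',
  SharePoint: 'Audit.SharePoint', General: 'Audit.General', DLP: 'DLP.All',
};
// Columns proposed for text output, plus the timestamp suggested in the reply.
interface AuditRow { CreationTime: string; Workload: string; Operation: string; ClientIP: string; User: string; }
const DAY_MS = 24 * 60 * 60 * 1000;

// Spec rule: endTime defaults to startTime + 24h, and the two may be at most 24h apart.
function resolveWindow(startTime: string, endTime?: string): { startTime: string; endTime: string } {
  const start = Date.parse(startTime);
  if (Number.isNaN(start)) throw new Error(`Invalid startTime ${startTime}`);
  const end = endTime === undefined ? start + DAY_MS : Date.parse(endTime);
  if (Number.isNaN(end)) throw new Error(`Invalid endTime ${endTime}`);
  if (end < start || end - start > DAY_MS) throw new Error('startTime and endTime must be at most 24 hours apart');
  return { startTime: new Date(start).toISOString(), endTime: new Date(end).toISOString() };
}

// One request; NextPageUri is the response header the API uses for pagination.
async function getJson(fetchFn: FetchFn, url: string, method = 'GET'): Promise<{ body: Json; next: string | null }> {
  const res = await fetchFn(url, { method });
  if (!res.ok) throw new Error(`${method} ${url} failed with HTTP ${res.status}`);
  return { body: await res.json(), next: res.headers.get('NextPageUri') };
}

async function fetchAuditLog(fetchFn: FetchFn, tenantId: string, contentType: string,
                             startTime: string, endTime?: string, batchSize = 5): Promise<AuditRow[]> {
  const apiType = CONTENT_TYPES[contentType];
  if (!apiType) throw new Error(`Unknown contentType ${contentType}; expected one of ${Object.keys(CONTENT_TYPES).join(', ')}`);
  const win = resolveWindow(startTime, endTime);
  const base = `https://manage.office.com/api/v1.0/${tenantId}/activity/feed`;

  // Step 1: check the subscription list.
  const { body: subs } = await getJson(fetchFn, `${base}/subscriptions/list`);
  const enabled = (subs as Array<{ contentType: string; status: string }>)
    .some(s => s.contentType === apiType && s.status === 'enabled');
  // Step 2: start the subscription only if it does not exist yet.
  if (!enabled) await getJson(fetchFn, `${base}/subscriptions/start?contentType=${apiType}`, 'POST');

  // Step 3: list the available content blobs, following NextPageUri pagination.
  const contentUris: string[] = [];
  let url: string | null = `${base}/subscriptions/content?contentType=${apiType}` +
    `&startTime=${encodeURIComponent(win.startTime)}&endTime=${encodeURIComponent(win.endTime)}`;
  while (url) {
    const { body, next } = await getJson(fetchFn, url);
    for (const blob of body as Array<{ contentUri: string }>) contentUris.push(blob.contentUri);
    url = next;
  }

  // Step 4: retrieve the blobs, batchSize at a time, in parallel through Promise.all.
  const rows: AuditRow[] = [];
  for (let i = 0; i < contentUris.length; i += batchSize) {
    const results = await Promise.all(contentUris.slice(i, i + batchSize).map(u => getJson(fetchFn, u)));
    for (const { body } of results) for (const r of body as Json[]) rows.push({
      CreationTime: r.CreationTime, Workload: r.Workload, Operation: r.Operation,
      ClientIP: r.ClientIP ?? '', User: r.UserId ?? '' });
  }
  return rows;
}

// Constructed fake tenant (not real data): Exchange already subscribed, SharePoint not yet,
// a two-page content listing and three one-record blobs. Records every request it receives.
function makeFakeTenant(): { fetchFn: FetchFn; calls: string[] } {
  const calls: string[] = [];
  const base = 'https://manage.office.com/api/v1.0/tenant-placeholder/activity/feed';
  const blobUri = (n: number) => `https://example.invalid/audit/blob${n}`;
  const record = (n: number): Json => ({ CreationTime: `2020-07-26T10:0${n}:00`, Workload: 'SharePoint',
    Operation: 'FileAccessed', ClientIP: `203.0.113.${n}`, UserId: `user${n}@contoso.example` });
  const page2 = `${base}/subscriptions/content?contentType=Audit.SharePoint&page=2`;
  const respond = (url: string, method: string): { body: Json; next?: string } => {
    if (url === `${base}/subscriptions/list`) return { body: [{ contentType: 'Audit.Exchange', status: 'enabled' }] };
    if (method === 'POST' && url.startsWith(`${base}/subscriptions/start`)) return { body: { contentType: 'Audit.SharePoint', status: 'enabled' } };
    if (url === page2) return { body: [{ contentUri: blobUri(3) }] };
    if (url.startsWith(`${base}/subscriptions/content`)) return { body: [{ contentUri: blobUri(1) }, { contentUri: blobUri(2) }], next: page2 };
    for (let n = 1; n <= 3; n++) if (url === blobUri(n)) return { body: [record(n)] };
    throw new Error(`unexpected request ${method} ${url}`);
  };
  const fetchFn: FetchFn = async (url, init) => {
    const method = init?.method ?? 'GET';
    calls.push(`${method} ${url}`);
    const { body, next } = respond(url, method);
    return { ok: true, status: 200, headers: { get: n => (n === 'NextPageUri' ? next ?? null : null) }, json: async () => body };
  };
  return { fetchFn, calls };
}
```

With the fake tenant, `fetchAuditLog(fetchFn, 'tenant-placeholder', 'SharePoint', '2020-07-26T00:00:00Z', undefined, 2)` issues seven requests in order (list, start, two content pages, three blobs fetched in batches of two) and returns three rows. Injecting the fetch function is what makes the batching and pagination testable without a tenant; in the real command the same wrapper would carry the bearer token and surface HTTP errors per blob rather than failing the whole run silently.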

Thanks a lot @waldekmastykarz. Now the picture is super clear. I am definitely going to bother you with more questions if something gets stuck.

Just a final thing before we go ahead with the implementation.

> Default Content Type - SharePoint?

> I'd say let's leave it empty and define it as a required value. If we see over time that people use a particular type of content a lot, we can define it as the default value.

If we are making the parameter a required value, do you think it makes sense to update the spec accordingly: -c, --contentType <contentType>? Currently it is marked as optional if I am not mistaken.

Yes, you're right. Let's update the spec.

Thanks @arjunumenon!
