Get started with the Azure Active Directory reporting API

Azure Active Directory provides you with a variety of reports. The data of these reports can be very useful to your applications, such as SIEM systems, audit, and business intelligence tools.

By using the Azure AD reporting API, you can gain programmatic access to the data through a set of REST-based APIs. You can call these APIs from a variety of programming languages and tools.

This article provides you with a roadmap for accessing the reporting data using the related API.

If you run into issues, see how to get support for Azure Active Directory.

Prerequisites

To access the reporting API, even if you are planning on accessing the API using a script, you need to:

  1. Assign roles (Security Reader, Security Admin, Global Admin)
  2. Register an application
  3. Grant permissions
  4. Gather configuration settings

For detailed instructions, see the prerequisites to access the Azure Active Directory reporting API.

APIs with Graph Explorer

You can use the MSGraph explorer to verify your sign-in and audit API data. Make sure to sign in to your account using both of the sign-in buttons in the Graph Explorer UI, and set Tasks.ReadWrite and Directory.ReadAll permissions for your tenant as shown.

Graph Explorer

Modify permissions UI

Recommendation

If you are planning on retrieving reporting data without user intervention, you should consider using the Azure AD Reporting API with certificates.

For detailed instructions, see get data using the Azure AD Reporting API with certificates.

Explore

Get a first impression of the reporting APIs:

Customize

Create your own solution: