Activity logging for PowerApps

[This topic is pre-release documentation and is subject to change.]

PowerApps activities are now tracked from the Office 365 Security & Compliance Center. Office 365 tenant administrators reach the Security & Compliance Center by navigating to https://protection.office.com. From there, the Audit log search is found under the Search and investigation dropdown.

Audit log search

Within the Audit log search screen, tenant administrators can search audit logs across many popular services including eDiscovery, Exchange, Power BI, Azure AD, Microsoft Teams, Dynamics 365 for Customer Engagement apps, and now Microsoft PowerApps.

Once the Audit log search screen is accessed, an administrator can filter for specific activities by pulling down the Activities dropdown. By scrolling down the list, a section dedicated to Microsoft PowerApps activities can be found.

What events are audited

Logging takes place at the SDK layer which means a single action can trigger multiple events that are logged. The following are a sample of user events you can audit.

Event Description
Created app When the app gets created for the first time by a maker
Launched app When the app gets launched
Marked app as Featured Every time the app is marked as Featured
Restored app version The version of the app when restored
Edited app Any updates made to the app by the maker
Published app When the app is published and is now made available to others in the environment
Edited app permission Every time a user's permissions to the app is changed
Deleted app When the app is deleted
Marked app as Hero Every time the app is marked as Hero
Deleted app permission Every time a user's permissions to the app is removed

Base schema

Schemas define which PowerApps fields are sent to the Office 365 Security and Compliance Center. Some fields are common to all applications that send audit data to Office 365, while others are specific to PowerApps. The Base schema contains the common fields.

Field name Type Mandatory Description
Date Edm.Date No Date and time of when the log was generated in UTC
App Name Edm.String No Unique Identifier of the PowerApp
Id Edm.Guid No Unique GUID for every row logged
Result Status Edm.String No Status of the row logged. Success in most cases.
Organization Id Edm.Guid Yes Unique identifier of the organization from which the log was generated.
CreationTime Edm.Date No Date and time of when the log was generated in UTC
Operation Edm.Date No Name of operation
UserKey Edm.String No Unique Identifier of the User in Azure AD
UserType Self.UserType No The audit type (Admin, Regular, System)
Additional Info Edm.String No Additional information if any (e.g. the environment name)

Review your audit data using reports in Office 365 Security and Compliance Center

You can review your audit data in the Office 365 Security and Compliance Center. See Search the audit log for user and admin activity in Office 365.

To use the preconfigured PowerApps reports, go to https://protection.office.com > Search & investigation > Audit log search and select the PowerApps app activities tab.

Audit log search

See also

Search the audit log for user and admin activity in Office 365
Office 365 Management APIs overview
Permissions in the Office 365 Security & Compliance Center