Esempi dell'API di creazione report di Azure Active Directory

Questo argomento fa parte di una raccolta di argomenti sull'API di creazione report di Azure Active Directory.
La creazione di report di Azure Active Directory fornisce un'API che consente di accedere ai dati di controllo tramite codice o strumenti correlati. L'obiettivo di questo argomento è fornire codice di esempio per l' API di controllo.

Vedere:

Per domande, problemi o suggerimenti, contattare la Guida per la creazione di report AAD.

Prerequisiti

Prima di poter usare gli esempi contenuti in questo argomento, è necessario completare i prerequisiti di accesso all'API di creazione report di Azure AD.

Problema noto

L'autenticazione dell'applicazione non funziona se il tenant si trova nell'area dell'Unione Europea. Per l'accesso all'API di controllo come soluzione alternativa fino a quando non si risolve il problema, usare l'autenticazione degli utenti.

Script di PowerShell

# This script will require registration of a Web Application in Azure Active Directory (see https://azure.microsoft.com/documentation/articles/active-directory-reporting-api-getting-started/)

# Constants
$ClientID       = "your-client-application-id-here"       # Insert your application's Client ID, a Globally Unique ID (registered by Global Admin)
$ClientSecret   = "your-client-application-secret-here"   # Insert your application's Client Key/Secret string
$loginURL       = "https://login.microsoftonline.com"     # AAD Instance; for example https://login.microsoftonline.com
$tenantdomain   = "your-tenant-domain.onmicrosoft.com"    # AAD Tenant; for example, contoso.onmicrosoft.com
$resource       = "https://graph.windows.net"             # Azure AD Graph API resource URI
$7daysago       = "{0:s}" -f (get-date).AddDays(-7) + "Z" # Use 'AddMinutes(-5)' to decrement minutes, for example
Write-Output "Searching for events starting $7daysago"

# Create HTTP header, get an OAuth2 access token based on client id, secret and tenant domain
$body       = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID;client_secret=$ClientSecret}
$oauth      = Invoke-RestMethod -Method Post -Uri $loginURL/$tenantdomain/oauth2/token?api-version=1.0 -Body $body

# Parse audit report items, save output to file(s): auditX.json, where X = 0 thru n for number of nextLink pages
if ($oauth.access_token -ne $null) {   
    $i=0
    $headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}
    $url = 'https://graph.windows.net/' + $tenantdomain + '/activities/audit?api-version=beta&`$filter=activityDate gt ' + $7daysago

    # loop through each query page (1 through n)
    Do{
        # display each event on the console window
        Write-Output "Fetching data using Uri: $url"
        $myReport = (Invoke-WebRequest -UseBasicParsing -Headers $headerParams -Uri $url)
        foreach ($event in ($myReport.Content | ConvertFrom-Json).value) {
            Write-Output ($event | ConvertTo-Json)
        }

        # save the query page to an output file
        Write-Output "Save the output to a file audit$i.json"
        $myReport.Content | Out-File -FilePath audit$i.json -Force
        $url = ($myReport.Content | ConvertFrom-Json).'@odata.nextLink'
        $i = $i+1
    } while($url -ne $null)
} else {
    Write-Host "ERROR: No Access Token"
    }

Write-Host "Press any key to continue ..."
$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")

Esecuzione dello script di PowerShell

Una volta modificato lo script, eseguirlo e verificare che vengano restituiti i dati corretti dal report Log di controllo.

Lo script restituisce l'output del report di controllo in formato JSON. Crea anche un file audit.json con lo stesso output. È possibile provare a modificare lo script per restituire i dati di altri report e rimuovere i commenti per i formati di output non necessari.

Script Bash

#!/bin/bash

# Author: Ken Hoff (kenhoff@microsoft.com)
# Date: 2015.08.20
# NOTE: This script requires jq (https://stedolan.github.io/jq/)

CLIENT_ID="your-application-client-id-here"         # Should be a ~35 character string insert your info here
CLIENT_SECRET="your-application-client-secret-here" # Should be a ~44 character string insert your info here
LOGIN_URL="https://login.microsoftonline.com"
TENANT_DOMAIN="your-directory-name-here.onmicrosoft.com"    # For example, contoso.onmicrosoft.com

TOKEN_INFO=$(curl -s --data-urlencode "grant_type=client_credentials" --data-urlencode "client_id=$CLIENT_ID" --data-urlencode "client_secret=$CLIENT_SECRET" "$LOGIN_URL/$TENANT_DOMAIN/oauth2/token?api-version=1.0")

TOKEN_TYPE=$(echo $TOKEN_INFO | ./jq-win64.exe -r '.token_type')
ACCESS_TOKEN=$(echo $TOKEN_INFO | ./jq-win64.exe -r '.access_token')

# get yesterday's date

YESTERDAY=$(date --date='1 day ago' +'%Y-%m-%d')

URL="https://graph.windows.net/$TENANT_DOMAIN/activities/audit?api-version=beta&$filter=activityDate%20gt%20$YESTERDAY"


REPORT=$(curl -s --header "Authorization: $TOKEN_TYPE $ACCESS_TOKEN" $URL)

echo $REPORT | ./jq-win64.exe -r '.value' | ./jq-win64.exe -r ".[]"

Script Python

# Author: Michael McLaughlin (michmcla@microsoft.com)
# Date: January 20, 2016
# This requires the Python Requests module: http://docs.python-requests.org

import requests
import datetime
import sys

client_id = 'your-application-client-id-here'
client_secret = 'your-application-client-secret-here'
login_url = 'https://login.microsoftonline.com/'
tenant_domain = 'your-directory-name-here.onmicrosoft.com'

# Get an OAuth access token
bodyvals = {'client_id': client_id,
            'client_secret': client_secret,
            'grant_type': 'client_credentials'}

request_url = login_url + tenant_domain + '/oauth2/token?api-version=1.0'
token_response = requests.post(request_url, data=bodyvals)

access_token = token_response.json().get('access_token')
token_type = token_response.json().get('token_type')

if access_token is None or token_type is None:
    print "ERROR: Couldn't get access token"
    sys.exit(1)

# Use the access token to make the API request
yesterday = datetime.date.strftime(datetime.date.today() - datetime.timedelta(days=1), '%Y-%m-%d')

header_params = {'Authorization': token_type + ' ' + access_token}
request_string = 'https://graph.windows.net/' + tenant_domain + 'activities/audit?api-version=beta&$filter=activityDate%20gt%20' + yesterday   
response = requests.get(request_string, headers = header_params)

if response.status_code is 200:
    print response.content
else:
    print 'ERROR: API request failed'

Passaggi successivi