ESC
Type to search...
Navigate Open ESC Close

CustomSecAttributeAuditLogs.Read.All

Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated Read All Resources

Allows the app to read all audit logs for events that contain information about custom security attributes, without a signed-in user.

Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access App-Only Access

Permission Details

Application Permission

Read all custom security attribute audit logs

Allows the app to read all audit logs for events that contain information about custom security attributes, without a signed-in user.

Permission ID: 2a4f026d-e829-4e84-bdbf-d981a2703059
Delegated Permission Admin consent required

Read custom security attribute audit logs

Allows the app to read audit logs for events that contain information about custom security attributes, on behalf of the signed-in user.

User sees: Allows the app to read custom security attributes audit logs on your behalf.
Permission ID: 1fcdeaab-b519-44dd-bffc-ed1fd15a24e0

Properties

Microsoft Graph beta endpoint-derived-docs

Properties is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

Property Type Description
activityDateTime DateTimeOffset Indicates the date and time the activity was performed. The Timestamp type is always in UTC time. For example, midnight UTC on Jan 1, 2024 is 2024-01-01T00:00:00Z. Supports $filter (eq, ge, le).
activityDisplayName String Indicates the activity name or the operation name. For example: "Add custom security attribute definition in an attribute set" or "Update attribute values assigned to a user." For a list of activities logged, refer to Microsoft Entra audit log categories and activities. Supports $filter (eq, startswith).
additionalDetails keyValue collection Indicates additional details on the activity.
category String Indicates the resource category that's targeted by the activity. Custom security attribute activities are logged in a single category: AttributeManagement.
correlationId StringNullable Indicates a unique ID that helps correlate activities that span across various services. Can be used to trace logs across services.
id String Indicates the unique ID for the activity. Inherited from entity.
initiatedBy auditActivityInitiator Indicates information about the user or app initiated the activity. Supports $filter (eq) for user/id, user/displayName, user/userPrincipalName, app/appId, app/displayName; and $filter (startswith) for user/userPrincipalName.
loggedByService StringNullable Indicates information on which service initiated the activity. For example: Core Directory. Supports $filter (eq).
operationType StringNullable Indicates the type of operation that was performed. The possible values include but aren't limited to the following: Add, Assign, Update, Unassign, and Delete.
result operationResult Indicates the result of the activity. The possible values are: success, failure, timeout, unknownFutureValue.
resultReason StringNullable Indicates the reason for failure if the result is failure or timeout.
targetResources targetResource collection Indicates information on which resource was changed due to the activity. The target resource type can be User, App, or Other. Supports $filter (eq) for id and displayName; and $filter (startswith) for displayName.
userAgent StringNullable Type of user agent used by a user in the activity.

JSON Representation

Microsoft Graph beta endpoint-derived-docs

JSON representation is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

JSON representation 
{
  "@odata.type": "#microsoft.graph.customSecurityAttributeAudit",
  "id": "String (identifier)",
  "category": "String",
  "correlationId": "String",
  "result": "String",
  "resultReason": "String",
  "activityDisplayName": "String",
  "activityDateTime": "String (timestamp)",
  "loggedByService": "String",
  "operationType": "String",
  "initiatedBy": {
    "@odata.type": "microsoft.graph.auditActivityInitiator"
  },
  "targetResources": [
    {
      "@odata.type": "microsoft.graph.targetResource"
    }
  ],
  "userAgent": "String",
  "additionalDetails": [
    {
      "@odata.type": "microsoft.graph.keyValue"
    }
  ]
}

Relationships

Microsoft Graph beta schema-derived

Relationships is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

Relationship Type Description
additionalDetails keyValue collection Related additionalDetails data exposed by this resource.
initiatedBy auditActivityInitiator Related initiatedBy data exposed by this resource.
targetResources targetResource collection Related targetResources data exposed by this resource.

Graph Methods

Delegated access App-only access
Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

No API methods available for this version.

Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /auditLogs/customSecurityAttributeAudits
GET /auditLogs/customSecurityAttributeAudits/{customSecurityAttributeAuditId}
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

No deterministic PowerShell command map is available for this permission.

Browse PowerShell docs
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgBetaAuditLogCustomSecurityAttributeAudit /auditLogs/customSecurityAttributeAudits
List customSecurityAttributeAudits
Get-MgBetaAuditLogCustomSecurityAttributeAudit /auditLogs/customSecurityAttributeAudits/{customSecurityAttributeAuditId}
Get customSecurityAttributeAudit

Code Examples

C# / .NET SDK
Get customSecurityAttributeAudit
View official example on Microsoft Learn
// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.AuditLogs.CustomSecurityAttributeAudits["{customSecurityAttributeAudit-id}"].GetAsync();
JavaScript
Get customSecurityAttributeAudit
View official example on Microsoft Learn
const options = {
	authProvider,
};

const client = Client.init(options);

let customSecurityAttributeAudit = await client.api('/auditLogs/customSecurityAttributeAudits/Directory_46ef8262-896f-4a39-9666-db82e22e778b_GXP3K_386490241')
	.version('beta')
	.get();
PowerShell
Get customSecurityAttributeAudit
View official example on Microsoft Learn
Import-Module Microsoft.Graph.Beta.Reports

Get-MgBetaAuditLogCustomSecurityAttributeAudit -CustomSecurityAttributeAuditId $customSecurityAttributeAuditId
Python
Get customSecurityAttributeAudit
View official example on Microsoft Learn
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python

result = await graph_client.audit_logs.custom_security_attribute_audits.by_custom_security_attribute_audit_id('customSecurityAttributeAudit-id').get()

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for CustomSecAttributeAuditLogs.Read.All

4

Grant Admin Consent

Application permissions always require admin consent.