
Get Azure AD audit logs using Reporting API


I want to specify the time when acquiring the Azure AD audit log.

What kind of method should be used for Japanese tenants?

Currently, the time is specified by the following method.

When specifying "dateTime" in the filter, is it specified in UTC? Or is it OK to specify it in UTC+9:00 because it is a Japanese tenant?

Sorry for your inconvenience, but thank you.

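$FilterDate = Get-Date (Get-Date).AddDays(-1) -Format "yyyy-MM-dd"
# The backtick keeps PowerShell from expanding $filter as a (normally empty) variable inside the string
$url = "$resource/beta/auditLogs/directoryAudits?`$filter=start/dateTime ge $($FilterDate)T00:00:00 and End/DateTime le $($FilterDate)T23:59:59"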

Solution

  • I suppose you are using the Microsoft Graph API - List directoryAudits. If so, the dateTime in the $filter will be specified in UTC.

    When you use Get-Date, what you get is the local time. So if you want to filter with the local time as Get-Date (Get-Date).AddDays(-1) -Format "yyyy-MM-dd", you need to use the ToUniversalTime() function to convert it to UTC, then pass it to the filter.

    $FilterDate = Get-Date ((Get-Date).AddDays(-1)).ToUniversalTime() -Format "yyyy-MM-dd"
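
The conversion above, carried one step further as an added example that is not part of the original question or answer: it converts the start and end of the previous local day to UTC instants, rather than only the date string, so the collected audit window lines up with the tenant's calendar day. The function name `Get-AuditWindowFilter`, the `Tokyo Standard Time` zone id, the value given to `$resource` and the use of the Graph `activityDateTime` property are assumptions that do not appear on the page.

```powershell
# Added example. Get-AuditWindowFilter is a hypothetical helper name.
function Get-AuditWindowFilter {
    param(
        [datetime]$LocalDay,                          # any time on the local day of interest
        [string]$TimeZoneId = 'Tokyo Standard Time'   # assumed zone id for UTC+9 ('Asia/Tokyo' on Linux/macOS)
    )
    $tz = [System.TimeZoneInfo]::FindSystemTimeZoneById($TimeZoneId)

    # Local 00:00:00 and 23:59:59 of that day. Kind must be Unspecified so that
    # ConvertTimeToUtc applies $tz instead of the time zone of the machine running the script.
    $startLocal = [datetime]::SpecifyKind($LocalDay.Date, [System.DateTimeKind]::Unspecified)
    $endLocal   = $startLocal.AddDays(1).AddSeconds(-1)

    $startUtc = [System.TimeZoneInfo]::ConvertTimeToUtc($startLocal, $tz)
    $endUtc   = [System.TimeZoneInfo]::ConvertTimeToUtc($endLocal, $tz)

    # Explicit 'Z' suffix so the service cannot read the values as local time.
    $fmt = "yyyy-MM-dd'T'HH:mm:ss'Z'"
    $inv = [System.Globalization.CultureInfo]::InvariantCulture
    "activityDateTime ge {0} and activityDateTime le {1}" -f `
        $startUtc.ToString($fmt, $inv), $endUtc.ToString($fmt, $inv)
}

# "Yesterday" as seen in the tenant's time zone, independent of where the script runs.
$zoneId    = 'Tokyo Standard Time'
$nowLocal  = [System.TimeZoneInfo]::ConvertTimeBySystemTimeZoneId([datetime]::UtcNow, $zoneId)
$yesterday = $nowLocal.AddDays(-1)

$resource = 'https://graph.microsoft.com'   # assumed value of the $resource variable used in the question
$filter   = Get-AuditWindowFilter -LocalDay $yesterday -TimeZoneId $zoneId

# Backtick keeps the literal "$filter" query option; the filter text itself is URL-encoded.
$url = "$resource/beta/auditLogs/directoryAudits?`$filter=$([uri]::EscapeDataString($filter))"
$url
```

Midnight in UTC+9 falls at 15:00 UTC on the previous calendar date, so the resulting window spans two UTC dates.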