I was trying to get read the AuditLogs from Office 365 via PowerShell, so we can analyse usage and have the data automatically be updated:
# Create/Import remote session (no errors, no warnings)
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking -AllowClobber
Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -ResultSize 5000 # <- Fails here
Error:
Search-UnifiedAuditLog : The term 'Search-UnifiedAuditLog' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Was that cmdlet removed or did I miss something?
If this no longer works is there another way to get the audit logs automatically?
The required privileges are detailed here: https://learn.microsoft.com/en-us/purview/audit-search?tabs=microsoft-purview-portal
To access audit cmdlets, you must be assigned the Audit Logs or View-Only Audit Logs roles in the Exchange admin center. You can also create custom role groups with the ability to search the audit log by adding the View-Only Audit Logs or Audit Logs roles to a custom role group.