Does the Azure AD audit log API work for Azure US Government tenants?

Question

I cannot retrieve any signIn data from our Azure US Gov tenant with the following Powershell:

$ClientID = "<my app id>"
$ClientSecret = "<app key>"
$loginURL = "https://login.microsoftonline.us"
$tenantdomain = "<my tenant name>"
$scope = "https://graph.microsoft.com/.default" 
$body = @{grant_type="client_credentials";client_id=$ClientID;client_secret=$ClientSecret;scope=$scope}
$oauth = Invoke-RestMethod -Method Post -Uri $loginURL/$tenantdomain/oauth2/v2.0/token -Body $body  
$url = "https://graph.microsoft.com/beta/auditLogs/signIns"
$headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}
Invoke-WebRequest -UseBasicParsing -Headers $headerParams -Uri $url

We have AAD P2 licenses and the application has the required permissions to read the audit log data.

The same code works against our commercial tenant (after modifying the $loginURL appropriately.

I know the API is still beta, but I was hoping someone can confirm if it should or should not work against a Gov tenant.

I do not receive any errors, I just receive no data:

Content : {"@odata.context":"https://graph.microsoft.com/beta/$metadata#auditLogs/signIns","value":[]}

Any help appreciated!

Answer 1

We'll have this update documented publicly soon at our Azure Government developer endpoint mapping, but can you try graph.microsoft.us as the Microsoft Graph endpoint?

Also, the sign-in activity API isn't currently available in Azure Government and we are working on a date for that. However, the audit API (beta/auditLogs/directoryAudits) should be returning data with the graph.microsoft.us endpoint.

Can you confirm that this works for you?

Thanks, Bernie