Cette requ\u00eate permet de :<\/p>\n\n\n\n
AuditLogs\n| where Category in (\"CrossTenantAccessSettings\", \"CrossTenantIdentitySyncSettings\", \"MultiTenantOrgTenant\", \"MultiTenantOrgIdentitySyncPolicyTemplate\", \"MultiTenantOrgPartnerConfigurationTemplate\")\n or OperationName has_any (\"cross-tenant\", \"MultiTenantOrg\", \"multi tenant org\")\n| extend\n Initiator = iif(isnotempty(InitiatedBy[\"app\"]), tostring(InitiatedBy[\"app\"][\"displayName\"]), tostring(InitiatedBy[\"user\"][\"userPrincipalName\"])),\n InitiatorId = iif(isnotempty(InitiatedBy[\"app\"]), tostring(InitiatedBy[\"app\"][\"servicePrincipalId\"]), tostring(InitiatedBy[\"user\"][\"id\"])),\n IPAddress = tostring(InitiatedBy[tostring(bag_keys(InitiatedBy)[0])][\"ipAddress\"])\n| mv-expand TargetResource = iff(array_length(TargetResources) == 0, dynamic([\"\"]), TargetResources)\n| mv-apply modifiedProperty = TargetResource[\"modifiedProperties\"] on (\n summarize NewValues = make_bag(\n bag_pack(tostring(modifiedProperty[\"displayName\"]), trim(@'[\\\"\\s]+', tostring(modifiedProperty[\"newValue\"]))))\n )\n| extend\n PartnerIdentifier = tostring(NewValues[\"PartnerIdentifier\"]),\n PartnerPolicyType = tostring(NewValues[\"PartnerPolicyType\"]),\n PartnerPolicyDetail = tostring(NewValues[\"PartnerPolicyDetail\"]),\n PartnerPolicyDetailVersion = tostring(NewValues[\"PartnerPolicyDetailVersion\"]),\n MultiTenantOrgAddedByTenantId = tostring(NewValues[\"MultiTenantOrgAddedByTenantId\"])\n| project\n TimeGenerated,\n LoggedByService,\n Category,\n AADOperationType,\n Initiator,\n IPAddress,\n OperationName,\n Result,\n ResultDescription,\n PartnerIdentifier,\n PartnerPolicyType,\n PartnerPolicyDetail,\n PartnerPolicyDetailVersion,\n MultiTenantOrgAddedByTenantId,\n NewValues,\n AdditionalDetails,\n Identity,\n InitiatorId,\n InitiatedBy,\n TargetResources,\n CorrelationId<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"Cette requ\u00eate permet de :<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[18],"class_list":["post-318","post","type-post","status-publish","format-standard","hentry","category-kql","tag-kql"],"_links":{"self":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts\/318","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=318"}],"version-history":[{"count":1,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts\/318\/revisions"}],"predecessor-version":[{"id":319,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts\/318\/revisions\/319"}],"wp:attachment":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=318"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}