Query Details
Office Activity Visualize Guest Downloadsfrom O365with Trend
Query
//Visualize how many files are being downloaded from your Office 365 tenant by guest accounts with trend
//Data connector required for this query - Office 365
let StartDate = now(-90d);
let EndDate = now();
OfficeActivity
| where TimeGenerated > ago(90d)
| where Operation in ("FileSyncDownloadedFull", "FileDownloaded")
| where UserId contains "#ext#"
| make-series TotalDownloads=count() on TimeGenerated in range(StartDate, EndDate, 1d)
| extend (RSquare, SplitIdx, Variance, RVariance, TrendLine)=series_fit_2lines(TotalDownloads)
| project TimeGenerated, TotalDownloads, TrendLine
| render timechart with (title="Guest downloads from Office 365 per day over time with trend")Explanation
This query visualizes the number of files being downloaded from your Office 365 tenant by guest accounts over time. It uses the Office 365 data connector and filters for specific operations related to file downloads. The query then groups the data by day and calculates the total number of downloads for each day. It also calculates a trend line to show the overall trend of guest downloads over time. The results are then displayed in a timechart with the title "Guest downloads from Office 365 per day over time with trend".
Details
Matt Zorich
Released: June 17, 2022
Tables
OfficeActivity
Keywords
Devices,Intune,User,Office365,Trend
Operators
whereletnowagoincontainsmake-seriesextendprojectrender