Query Details
Office Activity Visualize Top Guest Downloads
Query
//Visualize the top 20 files downloaded by Azure AD guests over the last month
//Data connector required for this query - Office 365
OfficeActivity
| where TimeGenerated > ago (30d)
| where Operation in ("FileSyncDownloadedFull", "FileDownloaded")
| where UserId contains "#ext#"
| summarize Count=count()by FileName=SourceFileName
| sort by Count desc
| take 20
| render barchart with (title="Top files downloaded by guests over the last month")Explanation
This query is looking at the OfficeActivity data and filtering for events where files were downloaded by Azure AD guests in the last month. It then groups the files by their names and counts how many times each file was downloaded. The results are sorted in descending order and only the top 20 files are shown in a bar chart visualization. The query requires the Office 365 data connector.
Details
Matt Zorich
Released: June 17, 2022
Tables
OfficeActivity
Keywords
OfficeActivity,TimeGenerated,Operation,UserId,FileName,SourceFileName,Count,render
Operators
whereagoincontainssummarizecountbysort bytakerender