Query Details

Office User to Admin Group

Query

//Office 365: Add a User to an Admin Group 

OfficeActivity 
| where ((Operation == "Add member to group") and (ResultStatus == "Success") and (ModifiedProperties contains "admin"))

Explanation

This query finds successful actions where a user is added to an admin group in Office 365. It filters the OfficeActivity table on three conditions: the operation is "Add member to group", the result status is "Success", and the modified properties contain the string "admin" (`contains` is a case-insensitive substring match).
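Added example, not part of the original query: the same three conditions evaluated over constructed rows, so the matching behaviour can be checked without tenant data. The account names, group names and the simplified ModifiedProperties shape are assumptions, and the `hasprefix` column is included only to compare substring matching with term-prefix matching.

```kusto
// Constructed sample rows; ModifiedProperties uses a simplified, assumed shape.
let SampleOfficeActivity = datatable(
    TimeGenerated: datetime, UserId: string, Operation: string,
    ResultStatus: string, ModifiedProperties: string)
[
    // Group name with "Admins" as a separate word
    datetime(2021-11-05 09:00:00), "alice@contoso.example", "Add member to group", "Success",
        '[{"Name":"Group.DisplayName","NewValue":"Helpdesk Admins"}]',
    // "admin" embedded inside an unrelated word
    datetime(2021-11-05 09:05:00), "bob@contoso.example", "Add member to group", "Success",
        '[{"Name":"Group.DisplayName","NewValue":"Badminton Club"}]',
    // Privileged group whose name does not include the keyword
    datetime(2021-11-05 09:10:00), "carol@contoso.example", "Add member to group", "Success",
        '[{"Name":"Group.DisplayName","NewValue":"Tier0 Operators"}]',
    // Failed attempt against an admin group
    datetime(2021-11-05 09:15:00), "dave@contoso.example", "Add member to group", "Failure",
        '[{"Name":"Group.DisplayName","NewValue":"Exchange Admins"}]',
    // Different operation that also mentions an admin group
    datetime(2021-11-05 09:20:00), "erin@contoso.example", "Remove member from group", "Success",
        '[{"Name":"Group.DisplayName","NewValue":"Exchange Admins"}]'
];
SampleOfficeActivity
// The page's filter, kept as a column so every row stays visible
| extend MatchesPageQuery = (Operation == "Add member to group")
    and (ResultStatus == "Success")
    and (ModifiedProperties contains "admin")
// Comparison: require a term that starts with "admin" instead of any substring
| extend MatchesTermPrefix = (Operation == "Add member to group")
    and (ResultStatus == "Success")
    and (ModifiedProperties hasprefix "admin")
| project TimeGenerated, UserId, Operation, ResultStatus,
    ModifiedProperties, MatchesPageQuery, MatchesTermPrefix
| order by TimeGenerated asc
```

Rows where the two columns disagree are the ones to review when tuning the keyword condition for a tenant's group naming.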

Details


Rod Trent

Released: November 5, 2021

Tables

OfficeActivity

Keywords

OfficeActivity,Operation,Add,member,group,ResultStatus,Success,ModifiedProperties,admin

Operators

where, ==, and, contains
