Query Details

Queries Each Person Ran

Query

//The actual KQL queries that each person ran in the last 7 days
//Enabling the Diag Setting for the Audit log is required to expose the LAQueryLogs table

LAQueryLogs
| where TimeGenerated > ago(7d)
| project AADEmail, QueryText

Explanation

This query returns the KQL queries that each person ran in the last 7 days, read from the LAQueryLogs table. That table is only exposed once the diagnostic setting for the Audit log is enabled. The query projects the AADEmail and QueryText columns, so each row pairs a user with the text of a query they ran.

Details

Rod Trent

Released: September 30, 2020

Tables

LAQueryLogs

Keywords

Devices,Intune,User,Auditlog,LAQueryLogs,TimeGenerated,AADEmail,QueryText

Operators

where, >, ago, project
