Microsoft announced yesterday that they were removing the requirement to provision an Azure storage account and manually configure Azure RMS logging, and that it would be now FREE and enabled automatically in ANY Azure RMS subscription new or old.
Microsoft details the process on Technet, let’s walk through it.
I previously did not have RMS logging configured on my tenant, so the first thing we’ll do is go grab the Azure Rights Management PowerShell module.
You’ll want to ensure that you’re running at least 126.96.36.199, which you can check by running the following command:
(Get-Module aadrm -ListAvailable).Version
It should be noted that Azure RMS writes logs to the new storage account in blobs, with each containing one or more W3C log records, in the order in which they were created.
It can take up to 15 minutes for the logs to appear in your storage account and you should absolutely download them locally to process.
First, let’s open PS as an Administrator and run the following command:
Run the following command to download the logs for a specific date to our newly created C:\AZRMS Logs folder:
Get-AadrmUserLog -Path <location> -fordate <date>
You cannot specify less than a whole day to download.
You can also aggregate your log files into a CSV by using Microsoft’s Log Parser.
Here, we’ll run the following command to import all information into a .log file format
logparser –i:w3c –o:csv “SELECT * INTO AllLogs.csv FROM *.log”
You can then open up the CSV and see the format
Now I took it 1 step further and imported this data into PowerBI and checked out some of the Quick Insights!