Portable Audit eXporter (PAX) exports Copilot and AI usage data from Purview and Graph API audit logs via Graph API or EOM methods. All solutions export to CSV or Excel formats, ready for analysis in Power BI or your preferred data analysis tool.
The Purview Audit Log Processor retrieves audit records for Copilot interactions, AI agents, and third-party AI usage using Microsoft Graph API or Exchange Online Management (EOM), with DSPM for AI support including CopilotInteraction, AIInteraction (custom AI apps from Copilot Studio/Azure AI Studio), ConnectedAIAppInteraction (Microsoft and third-party AI apps deployed in your tenant), and AIAppInteraction (external third-party AI via network DLP). Includes Copilot user licensing information and AI agent type detection and categorization.
The Copilot Interactions Content Audit Log Processor retrieves detailed Microsoft 365 Copilot interaction content including user prompts and AI responses directly from Microsoft Graph API's aiInteraction resource type. Exports comprehensive interaction metadata, supports content-rich analysis with optional body content, and provides Entra ID user enrichment with M365 Copilot (MAC) licensing information. Features incremental exports with watermark state management, parallel processing for enterprise scale, and flexible filtering by users, applications, and date ranges.
The Graph Audit Log Processor retrieves Copilot usage data and comprehensive audit records directly from Microsoft Graph API, including Entra user and organizational details, along with Copilot licensing information.
⚠️ IMPORTANT: Usage & Compliance Disclaimer (click to expand)
Please note:
While this tool helps customers better understand their Microsoft 365 Copilot interaction data, Microsoft has no visibility into the data that customers input into this script/tool, nor does Microsoft have any control over how customers will use this script/tool in their environment.
Customers are solely responsible for securing, storing, and processing all exported data in compliance with their organization's policies and all applicable laws and regulations, including but not limited to data privacy, security, and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS, and data residency obligations).
This script outputs highly sensitive Copilot interaction content, including user prompts and Copilot responses, which may contain confidential, regulated, or personally identifiable information (PII). By using this script, you acknowledge and agree:
- You must implement appropriate safeguards, including encryption, access controls, and data classification, before running or sharing outputs generated by this script.
- Do not run this script on shared or unmanaged devices. Ensure that only authorized personnel have access to the exported data.
- Apply data loss prevention (DLP) policies and sensitive information detection where possible.
Microsoft provides this script "as-is" without warranties of any kind and disclaims all liability for any loss, breach, or misuse of data arising from or related to your use of this script. Microsoft does not provide support for custom modifications or downstream uses of this script. All operational risk and compliance obligations rest with you.
✅ Additional Guidance
Consult Your Compliance Team
Before using this script, consult your organization's legal and compliance teams to confirm that your planned usage aligns with internal policies and external regulatory requirements.
Retention & eDiscovery Obligations
Data exported by this script may fall under retention, legal hold, or eDiscovery obligations. Ensure that your organization's compliance policies are applied to any exported files.
🔐 Security Best Practices Checklist
- ☑ Rotate credentials regularly (client secrets or certificates) and never hard-code secrets in scripts.
- ☑ Run only in secure environments (managed devices, trusted networks).
- ☑ Apply encryption at rest and in transit for all exported files.
- ☑ Restrict access to exported data to authorized personnel only.
- ☑ Enable DLP and sensitivity labels to prevent accidental sharing.
- ☑ Validate storage location (e.g., secure SharePoint or encrypted file share).
- ☑ Review logs and outputs for sensitive content before distribution.
- ☑ Apply retention and deletion policies to exported data in line with compliance requirements.
🧪 Experimental Script Notice
This is an experimental script. On occasion, you may notice small deviations from metrics in the official Microsoft 365 Copilot Dashboards. We will continue to iterate based on your feedback. Currently available in English only.
🔍 Purview Audit Log Processor: Download the script →
PAX_Purview_Audit_Log_Processor_v1.9.0.ps1📖 Resources: Latest Documentation | Latest Release Notes
📚 Archives: All Documentation | All Release Notes | Previous Versions
💬 Copilot Interactions Content Audit Log Processor: Download the script →
PAX_CopilotInteractions_Content_Audit_Log_Processor_v1.2.0.ps1📖 Resources: Latest Documentation | Latest Release Notes
📚 Archives: All Documentation | All Release Notes | Previous Versions
📊 Graph Audit Log Processor: Download the script →
PAX_Graph_Audit_Log_Processor_v1.0.1.ps1📖 Resources: Latest Documentation | Latest Release Notes
📚 Archives: All Documentation | All Release Notes | Previous Versions
Keywords: microsoft-365-copilot, copilot-usage-data, copilot-analytics, m365-copilot-export, microsoft-copilot-audit, copilot-interaction-logs, purview-audit-logs, graph-api-audit, dspm-for-ai, ai-usage-analytics, copilot-studio-export, azure-ai-studio-logs, third-party-ai-monitoring, connected-ai-apps, ai-agent-detection, copilot-licensing-reports, microsoft-365-audit, exchange-online-management, unified-audit-log, copilot-data-export, ai-governance, copilot-compliance, microsoft-purview-dspm, copilot-usage-reports, m365-ai-analytics, copilot-power-bi, tenant-ai-monitoring, enterprise-copilot-analytics, copilot-csv-export, copilot-excel-export