I’m trying to retrieve audit logs or activity reports related to sensitivity labels applied to files stored in SharePoint using the Microsoft Graph API. Specifically, I want to track when a sensitivity label is applied or changed on a file within SharePoint.
So far, I have tried the following Graph API queries:
GET https://graph.microsoft.com/v1.0/security/alerts?$filter=category eq 'DataGovernance' and activityDisplayName eq 'FileLabelApplied'
However, I’m receiving the following error message:
{
  "error": {
    "code": "",
    "message": "Invalid ODATA query filter",
    "innerError": {
      "date": "2024-08-13T02:21:43",
      "request-id": "496b45e7-3e21-4524-9249-e506d378bd45",
      "client-request-id": "b7fdc2ec-f62c-8199-4248-fdb0913a29ad"
    }
  }
}
I have tried the following Graph API query too:
https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?$filter=category eq 'DataGovernance' and operationType eq 'LabelApplied'
This query returned an empty result:
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#auditLogs/directoryAudits",
  "@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET auditLogs/directoryAudits?$select=activityDateTime,activityDisplayName",
  "value": []
}
To ensure that the API should return some results, I manually applied a sensitivity label to a file in SharePoint and then ran the API call. However, the response still returned an empty result, even though there should be a log entry for this action.
Is there a specific Graph API endpoint or query parameters that I should be using to retrieve logs related to sensitivity label applications on SharePoint files? Alternatively, is there another way to track these activities using the Graph API?
Any guidance on how to properly configure the API call or use alternative methods to obtain these logs would be greatly appreciated.