Portable Audit eXporter (PAX) is a solution set for exporting Microsoft 365 Copilot, AI agent, and broader workload usage data into analysis-ready CSV — or straight into Microsoft Fabric (OneLake) Delta Lake tables — ready for Power BI or your preferred analysis tool. It uses the Microsoft Graph API to pull that data from Microsoft Purview (the Unified Audit Log), Microsoft Entra ID (user and organizational details), and the Microsoft 365 Admin Center (MAC). It is the toolset designed to power the Microsoft Copilot Growth ROI Advisory team's Power BI templates published in the Copilot Analytics Lab — frontier analytics for Copilot and agents, offering guided dashboard templates, ready-to-run sample code, and proven playbooks grounded in real customer deployments to help you design and deploy analytics beyond what's available in Viva Insights today (including the AI-in-One Dashboard, AI Business Value Dashboard, M365 Usage Dashboard, and more).

There are three ways to use PAX. They are listed below in the order most customers should consider them.

🏷️ Coming soon

PAX Cookbook is a friendly, free, open-source Windows app that runs the PAX engine for you: guided forms instead of switches, saved recipes instead of copy-paste, and a tidy kitchen instead of a terminal. It's the easiest way to get the most out of PAX — no syntax to memorize and no paths to hand-write.

• 🍳 Recipes — save a run once (dates, scope, output), reopen and re-run it in a click
• ✅ Taste Tests — a preflight check catches missing fields and bad paths before you commit to a full run
• 📒 Bakes & history — every run is recorded with status, output files, and scrollable logs
• 🔑 Chef's Keys — credentials live in Windows Credential Manager, never in recipes, logs, commands, or output
• 📤 Flexible destinations — bake straight to a local folder, a SharePoint document library, or Microsoft Fabric (OneLake) Delta tables — no extra scripting
• ⏰ Scheduled bakes — hand any recipe to Windows Task Scheduler for automatic daily/weekly/monthly runs
• 🔄 Always current — on install the app fetches the latest PAX engine straight from this repo and keeps both the app and the engine up to date in place — no return trips to GitHub, no version hunting

⬇️ Get PAX Cookbook →  ·  Free · open source · local-first · credential-safe · no audit data stored in the app

Under the hood, every Cookbook bake runs the same PAX engine: a set of enterprise-grade PowerShell scripts you can also run standalone in your own terminal. The flagship script in the set — and the one most customers will use — is the Purview Audit Log Processor. It retrieves Microsoft 365 Copilot, AI agent, and broader workload audit records from the Microsoft Purview Unified Audit Log via Microsoft Graph API (default) or Exchange Online Management (EOM).

Highlights of the Purview Audit Log Processor:

• Microsoft 365 Copilot, Unlicensed Copilot, and AI agent signal coverage
• Microsoft 365 Usage Bundle for productivity-workload activity (Teams, Exchange, SharePoint, OneDrive, Word, Excel, PowerPoint, OneNote, Forms, Stream, Planner, PowerApps) captured in the same run alongside Copilot telemetry
• Entra ID user + Microsoft 365 Copilot (MAC) licensing enrichment
• Long-running enterprise exports with checkpoint & resume, append capabilities, rolled up data architecture support to shrink data footprint, parallel processing, adaptive time-slicing, and server record limit detection and override
• Flexible filtering by user, group, agent, activity type, record/service type, and date range
• Flexible output destinations: local folder, SharePoint document library, or directly into Microsoft Fabric (OneLake) Delta tables — for unattended Azure-hosted runs, paired with Managed Identities

Grab the script and its docs from the PAX PowerShell Script links above.

Prefer the command line but don't want to hand-write switches? Mini-Kitchen is a browser-only companion (no install) whose whole job is to build a clean, copy-ready PAX command line for you to paste into your own terminal. You point-and-click your options, Mini-Kitchen renders the exact pwsh command, you copy it, and you run it yourself against the PAX script downloaded from this repo. It ships ready-made presets for the AI-in-One and M365 Usage Analytics dashboards (and others), saves recipes right in your browser, and exports portable .paxlite files you can later import into the full PAX Cookbook app.

Mini-Kitchen never runs PAX for you — it only writes the command. It does not touch your tenant or your data: it uses no user credentials, app-registration secrets, or certificates, pulls no audit data and no user/Entra information, and does not connect to your Microsoft 365 tenant, Microsoft Graph, Purview, or your SharePoint/Fabric/local storage. The only thing it reads or writes is the .paxlite recipe file you choose to export or import — which itself holds only your saved command options and stays entirely on your device. All authentication and data export happen later, when you run the generated command yourself.

⌨️ Open Mini-Kitchen →  ·  Browser-only · no install · no tenant connection · no credentials or data

The PAX set also includes two specialized companion scripts for narrower use cases:

• Copilot Interactions Content Audit Log Processor — pulls the actual prompt and response content of Microsoft 365 Copilot interactions directly from the Graph aiInteraction resource type (content-rich analysis with optional body text), with incremental watermark exports and user enrichment. Use this when you specifically need interaction content, not just usage telemetry.
• Graph Audit Log Processor — a lightweight Graph-API-only export of Copilot usage records together with Entra user/organizational details and Copilot licensing. Use this when you do not need Purview Unified Audit Log coverage.

Most customers only need the Purview Audit Log Processor. The other two scripts are not replacements for it — they target different data sources and narrower scenarios. If you are unsure which to use, start with the Purview Audit Log Processor.

For pulling raw Copilot prompt/response content.

• Download: PAX_CopilotInteractions_Content_Audit_Log_Processor_v2.0.0.ps1
• Resources: Documentation | Release Notes
• Archives: All Documentation | All Release Notes | Previous Versions

For lightweight Graph-API-only Copilot usage + Entra user/licensing exports.

• Download: PAX_Graph_Audit_Log_Processor_v1.0.1.ps1
• Resources: Documentation | Release Notes
• Archives: All Documentation | All Release Notes | Previous Versions

For questions or issues, refer to the documentation links next to each script above.

Managed and released by the Microsoft Copilot Growth ROI Advisory Team. Please reach out to copilot-roi-advisory-team-gh@microsoft.com with any feedback.

© Microsoft Corporation — MIT Licensed