I am trying to work with Export-ActivityExplorerData new cmdlet, but I can't the same data I was getting with Get-DlpIncidentDetailReport.
What I am trying to receive is all Activities that match "DLP rule match" rows I was getting with the retired cmdlet. Usually there should be 100+ of them matches.
For example this is the code I am using now:
$MyStartTime = "{0:MM}/{0:dd}/{0:yyyy} 00:01 AM" -f (get-date).AddDays(-7)
$MyEndTime = "{0:MM}/{0:dd}/{0:yyyy} 00:00 AM" -f (get-date).AddDays(0)
$DLPdata=Export-ActivityExplorerData -StartTime $MyStartTime -endtime $MyEndTime -OutputFormat json -PageSize 10000
$jsonString=$DLPdata.ResultData
$jsonObject = $jsonString | ConvertFrom-Json
$jsonObject | Export-Csv -Path 'E:\Path\to\json.csv' -NoTypeInformation
After opening the csv, if I sort after "Activity" to show only DLP rule matches there will be only one match and for this match the report does not include the other details like Get-DlpIncidentDetailReport used to like "Sensitive info type", "Rule", "Rule action", "Email", "FilePath" and "SensitiveInformationCount"
Based on Microsoft's documentation https://learn.microsoft.com/en-us/powershell/module/exchange/get-dlpdetailreport?view=exchange-ps, the new cmdlet should contain the same data as the retired one, but for some reason I cannot get the details I need.
Is there something that I am missing?