Report audit recs file updates

Connect-ExchangeOnline -SkipLoadingCmdletHelp

param(
    [int] $LookbackDays = 180
)
 
$Modules = Get-Module | Select-Object -ExpandProperty Name
If ("ExchangeOnlineManagement" -notin $Modules) {
    Write-Host "Loading Exchange Online Management module"
    Connect-ExchangeOnline -SkipLoadingCmdletHelp
}
 
$FileName = (Read-Host "Enter file name to search")
[array]$Records = Search-UnifiedAuditLog -Operations FileModified, FileAccessed, FileUploaded `
  -ObjectIds $FileName -ResultSize 5000 -StartDate (Get-Date).AddDays(-$LookbackDays) -EndDate (Get-Date).AddDays(+1) `
  -SessionCommand ReturnLargeSet
 
If ($Records.Count -eq 0) {
    Write-Host "No audit records found for file names beginning with" $FileName
    Break
}
# Remove any duplicates
$Records = $Records | Sort-Object Identity -Unique | Sort-Object { $_.CreationDate -as [datetime]} -Descending
Write-Host ("Processing {0} audit records..." -f $Records.Count)
$Report = [System.Collections.Generic.List[Object]]::new()
ForEach ($Rec in $Records) {
  $AuditData = ConvertFrom-Json $Rec.Auditdata
  $ReportLine = [PSCustomObject]@{
    TimeStamp   = $Rec.CreationDate
    User        = $AuditData.UserId
    Action      = $AuditData.Operation
    SiteUrl     = $AuditData.SiteUrl
    Site        = $AuditData.SourceRelativeUrl
    File        = $AuditData.SourceFileName
    IpAddress   = $AuditData.ClientIP
    App         = $AuditData.UserAgent
  }
  $Report.Add($ReportLine)
}
 
Write-Host “All done”
$Report | Out-GridView -Title "File operation audit records"