Users/guptadiksha/auditcore doc changes (#28450)

* Add 157 new auditLogRecordType enum members for AuditCore CSDL update

* Add 132 new auditData derived type resource docs for AuditCore CSDL update

- Created resource documentation for 132 new audit record types
- Updated auditdata-derived-types.md listing page (272 -> 404 entries)
- New types cover Copilot, Sentinel, Viva Glint, Defender, Purview, Fabric, and other M365 services

* Fix duplicate description attributes across resource files

* Add ConnectedAIAppInteraction member to auditLogRecordType enum

* Add connectedAIAppInteractionAuditRecord resource and derived type entry

* Refactor security audit log record type enum and update documentation

* Update the author of the new files

* Update changelog date, add what's new

---------

Co-authored-by: guptadiksha_microsoft <guptadiksha@microsoft.com>
Co-authored-by: Eunice Waweru <eunicewaweru@microsoft.com>
Co-authored-by: Faith Moraa Ombongi <ombongi.moraa.fe@gmail.com>

Author: 4 people

api-reference/beta/resources/enums-security.md

@@ -281,299 +281,6 @@ Namespace: microsoft.graph.security
 |cancelled|
 |unknownFutureValue|
 
-### auditLogRecordType values
-
-|Member|
-|:---|
-|ExchangeAdmin|
-|ExchangeItem|
-|ExchangeItemGroup|
-|SharePoint|
-|SyntheticProbe|
-|SharePointFileOperation|
-|OneDrive|
-|AzureActiveDirectory|
-|AzureActiveDirectoryAccountLogon|
-|DataCenterSecurityCmdlet|
-|ComplianceDLPSharePoint|
-|Sway|
-|ComplianceDLPExchange|
-|SharePointSharingOperation|
-|AzureActiveDirectoryStsLogon|
-|SkypeForBusinessPSTNUsage|
-|SkypeForBusinessUsersBlocked|
-|SecurityComplianceCenterEOPCmdlet|
-|ExchangeAggregatedOperation|
-|PowerBIAudit|
-|CRM|
-|Yammer|
-|SkypeForBusinessCmdlets|
-|Discovery|
-|MicrosoftTeams|
-|ThreatIntelligence|
-|MailSubmission|
-|MicrosoftFlow|
-|AeD|
-|MicrosoftStream|
-|ComplianceDLPSharePointClassification|
-|ThreatFinder|
-|Project|
-|SharePointListOperation|
-|SharePointCommentOperation|
-|DataGovernance|
-|Kaizala|
-|SecurityComplianceAlerts|
-|ThreatIntelligenceUrl|
-|SecurityComplianceInsights|
-|MIPLabel|
-|WorkplaceAnalytics|
-|PowerAppsApp|
-|PowerAppsPlan|
-|ThreatIntelligenceAtpContent|
-|LabelContentExplorer|
-|TeamsHealthcare|
-|ExchangeItemAggregated|
-|HygieneEvent|
-|DataInsightsRestApiAudit|
-|InformationBarrierPolicyApplication|
-|SharePointListItemOperation|
-|SharePointContentTypeOperation|
-|SharePointFieldOperation|
-|MicrosoftTeamsAdmin|
-|HRSignal|
-|MicrosoftTeamsDevice|
-|MicrosoftTeamsAnalytics|
-|InformationWorkerProtection|
-|Campaign|
-|DLPEndpoint|
-|AirInvestigation|
-|Quarantine|
-|MicrosoftForms|
-|ApplicationAudit|
-|ComplianceSupervisionExchange|
-|CustomerKeyServiceEncryption|
-|OfficeNative|
-|MipAutoLabelSharePointItem|
-|MipAutoLabelSharePointPolicyLocation|
-|MicrosoftTeamsShifts|
-|SecureScore|
-|MipAutoLabelExchangeItem|
-|CortanaBriefing|
-|Search|
-|WDATPAlerts|
-|PowerPlatformAdminDlp|
-|PowerPlatformAdminEnvironment|
-|MDATPAudit|
-|SensitivityLabelPolicyMatch|
-|SensitivityLabelAction|
-|SensitivityLabeledFileAction|
-|AttackSim|
-|AirManualInvestigation|
-|SecurityComplianceRBAC|
-|UserTraining|
-|AirAdminActionInvestigation|
-|MSTIC|
-|PhysicalBadgingSignal|
-|TeamsEasyApprovals|
-|AipDiscover|
-|AipSensitivityLabelAction|
-|AipProtectionAction|
-|AipFileDeleted|
-|AipHeartBeat|
-|MCASAlerts|
-|OnPremisesFileShareScannerDlp|
-|OnPremisesSharePointScannerDlp|
-|ExchangeSearch|
-|SharePointSearch|
-|PrivacyDataMinimization|
-|LabelAnalyticsAggregate|
-|MyAnalyticsSettings|
-|SecurityComplianceUserChange|
-|ComplianceDLPExchangeClassification|
-|ComplianceDLPEndpoint|
-|MipExactDataMatch|
-|MSDEResponseActions|
-|MSDEGeneralSettings|
-|MSDEIndicatorsSettings|
-|MS365DCustomDetection|
-|MSDERolesSettings|
-|MAPGAlerts|
-|MAPGPolicy|
-|MAPGRemediation|
-|PrivacyRemediationAction|
-|PrivacyDigestEmail|
-|MipAutoLabelSimulationProgress|
-|MipAutoLabelSimulationCompletion|
-|MipAutoLabelProgressFeedback|
-|DlpSensitiveInformationType|
-|MipAutoLabelSimulationStatistics|
-|LargeContentMetadata|
-|Microsoft365Group|
-|CDPMlInferencingResult|
-|FilteringMailMetadata|
-|CDPClassificationMailItem|
-|CDPClassificationDocument|
-|OfficeScriptsRunAction|
-|FilteringPostMailDeliveryAction|
-|CDPUnifiedFeedback|
-|TenantAllowBlockList|
-|ConsumptionResource|
-|HealthcareSignal|
-|DlpImportResult|
-|CDPCompliancePolicyExecution|
-|MultiStageDisposition|
-|PrivacyDataMatch|
-|FilteringDocMetadata|
-|FilteringEmailFeatures|
-|PowerBIDlp|
-|FilteringUrlInfo|
-|FilteringAttachmentInfo|
-|CoreReportingSettings|
-|ComplianceConnector|
-|PowerPlatformLockboxResourceAccessRequest|
-|PowerPlatformLockboxResourceCommand|
-|CDPPredictiveCodingLabel|
-|CDPCompliancePolicyUserFeedback|
-|WebpageActivityEndpoint|
-|OMEPortal|
-|CMImprovementActionChange|
-|FilteringUrlClick|
-|MipLabelAnalyticsAuditRecord|
-|FilteringEntityEvent|
-|FilteringRuleHits|
-|FilteringMailSubmission|
-|LabelExplorer|
-|MicrosoftManagedServicePlatform|
-|PowerPlatformServiceActivity|
-|ScorePlatformGenericAuditRecord|
-|FilteringTimeTravelDocMetadata|
-|Alert|
-|AlertStatus|
-|AlertIncident|
-|IncidentStatus|
-|Case|
-|CaseInvestigation|
-|RecordsManagement|
-|PrivacyRemediation|
-|DataShareOperation|
-|CdpDlpSensitive|
-|EHRConnector|
-|FilteringMailGradingResult|
-|PublicFolder|
-|PrivacyTenantAuditHistoryRecord|
-|AipScannerDiscoverEvent|
-|EduDataLakeDownloadOperation|
-|M365ComplianceConnector|
-|MicrosoftGraphDataConnectOperation|
-|MicrosoftPurview|
-|FilteringEmailContentFeatures|
-|PowerPagesSite|
-|PowerAppsResource|
-|PlannerPlan|
-|PlannerCopyPlan|
-|PlannerTask|
-|PlannerRoster|
-|PlannerPlanList|
-|PlannerTaskList|
-|PlannerTenantSettings|
-|ProjectForTheWebProject|
-|ProjectForTheWebTask|
-|ProjectForTheWebRoadmap|
-|ProjectForTheWebRoadmapItem|
-|ProjectForTheWebProjectSettings|
-|ProjectForTheWebRoadmapSettings|
-|QuarantineMetadata|
-|MicrosoftTodoAudit|
-|TimeTravelFilteringDocMetadata|
-|TeamsQuarantineMetadata|
-|SharePointAppPermissionOperation|
-|MicrosoftTeamsSensitivityLabelAction|
-|FilteringTeamsMetadata|
-|FilteringTeamsUrlInfo|
-|FilteringTeamsPostDeliveryAction|
-|MDCAssessments|
-|MDCRegulatoryComplianceStandards|
-|MDCRegulatoryComplianceControls|
-|MDCRegulatoryComplianceAssessments|
-|MDCSecurityConnectors|
-|MDADataSecuritySignal|
-|VivaGoals|
-|FilteringRuntimeInfo|
-|AttackSimAdmin|
-|MicrosoftGraphDataConnectConsent|
-|FilteringAtpDetonationInfo|
-|PrivacyPortal|
-|ManagedTenants|
-|UnifiedSimulationMatchedItem|
-|UnifiedSimulationSummary|
-|UpdateQuarantineMetadata|
-|MS365DSuppressionRule|
-|PurviewDataMapOperation|
-|FilteringUrlPostClickAction|
-|IrmUserDefinedDetectionSignal|
-|TeamsUpdates|
-|PlannerRosterSensitivityLabel|
-|MS365DIncident|
-|FilteringDelistingMetadata|
-|ComplianceDLPSharePointClassificationExtended|
-|MicrosoftDefenderForIdentityAudit|
-|SupervisoryReviewDayXInsight|
-|DefenderExpertsforXDRAdmin|
-|CDPEdgeBlockedMessage|
-|HostedRpa|
-|CdpContentExplorerAggregateRecord|
-|CDPHygieneAttachmentInfo|
-|CDPHygieneSummary|
-|CDPPostMailDeliveryAction|
-|CDPEmailFeatures|
-|CDPHygieneUrlInfo|
-|CDPUrlClick|
-|CDPPackageManagerHygieneEvent|
-|FilteringDocScan|
-|TimeTravelFilteringDocScan|
-|MAPGOnboard|
-|VfamCreatePolicy|
-|VfamUpdatePolicy|
-|VfamDeletePolicy|
-|M365DAAD|
-|CdpColdCrawlStatus|
-|PowerPlatformAdministratorActivity|
-|Windows365CustomerLockbox|
-|CdpResourceScopeChangeEvent|
-|ComplianceCCExchangeExecutionResult|
-|CdpOcrCostEstimatorRecord|
-|CopilotInteraction|
-|CdpOcrBillingRecord|
-|ComplianceDLPApplications|
-|UAMOperation|
-|VivaLearning|
-|VivaLearningAdmin|
-|PurviewPolicyOperation|
-|PurviewMetadataPolicyOperation|
-|PeopleAdminSettings|
-|CdpComplianceDLPExchangeClassification|
-|CdpComplianceDLPSharePointClassification|
-|FilteringBulkSenderInsightData|
-|FilteringBulkThresholdInsightData|
-|PrivacyOpenAccess|
-|OWAAuth|
-|ComplianceDLPApplicationsClassification|
-|SharePointESignature|
-|Dynamics365BusinessCentral|
-|MeshWorlds|
-|VivaPulseResponse|
-|VivaPulseOrganizer|
-|VivaPulseAdmin|
-|VivaPulseReport|
-|AIAppInteraction|
-|ComplianceDLMExchange|
-|ComplianceDLMSharePoint|
-|ProjectForTheWebAssignedToMeSettings|
-|CPSOperation|
-|ComplianceDLPExchangeDiscovery|
-|PurviewMCRecommendation|
-|unknownFutureValue|
-
 ### auditLogUserType values
 
 

api-reference/beta/resources/security-a365aiexecutetool.md

@@ -0,0 +1,39 @@
+---
+title: "a365AiExecuteTool resource type"
+description: "Represents an audit record for Microsoft 365 AI tool execution events."
+author: "diksha27"
+ms.subservice: security
+ms.localizationpriority: medium
+doc_type: resourcePageType
+ms.date: 03/17/2026
+toc.title: "A365Ai Execute Tool"
+---
+# a365AiExecuteTool resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Represents an audit record for Microsoft 365 AI tool execution events.
+
+Inherits from [microsoft.graph.security.auditData](../resources/security-auditdata.md). The audit data for this record type is returned as the **auditData** property in an [auditLogRecord](../resources/security-auditlogrecord.md).
+
+
+## Properties
+None.
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+<!-- {
+  "blockType": "resource",
+  "@odata.type": "microsoft.graph.security.a365AiExecuteTool"
+}
+-->
+``` json
+{
+  "@odata.type": "#microsoft.graph.security.a365AiExecuteTool"
+}
+```

api-reference/beta/resources/security-a365aiinferencecall.md

@@ -0,0 +1,39 @@
+---
+title: "a365AiInferenceCall resource type"
+description: "Represents an audit record for Microsoft 365 AI inference call events."
+author: "diksha27"
+ms.subservice: security
+ms.localizationpriority: medium
+doc_type: resourcePageType
+ms.date: 03/17/2026
+toc.title: "A365Ai Inference Call"
+---
+# a365AiInferenceCall resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Represents an audit record for Microsoft 365 AI inference call events.
+
+Inherits from [microsoft.graph.security.auditData](../resources/security-auditdata.md). The audit data for this record type is returned as the **auditData** property in an [auditLogRecord](../resources/security-auditlogrecord.md).
+
+
+## Properties
+None.
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+<!-- {
+  "blockType": "resource",
+  "@odata.type": "microsoft.graph.security.a365AiInferenceCall"
+}
+-->
+``` json
+{
+  "@odata.type": "#microsoft.graph.security.a365AiInferenceCall"
+}
+```