From 6ad3e3c2fd86e245509513fd7ee960a4f81b2fbc Mon Sep 17 00:00:00 2001 From: mayanksahu11 <168190827+mayanksahu11@users.noreply.github.com> Date: Wed, 16 Jul 2025 10:58:12 +0530 Subject: [PATCH 1/2] Update Export-ActivityExplorerData.md --- .../exchange/Export-ActivityExplorerData.md | 87 +++++++++++++++++++ 1 file changed, 87 insertions(+) diff --git a/exchange/exchange-ps/exchange/Export-ActivityExplorerData.md b/exchange/exchange-ps/exchange/Export-ActivityExplorerData.md index f8a7575c14..b262926f1f 100644 --- a/exchange/exchange-ps/exchange/Export-ActivityExplorerData.md +++ b/exchange/exchange-ps/exchange/Export-ActivityExplorerData.md 
@@ -164,6 +164,93 @@ Valid activity filters include the following values: To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). +### Output +The cmdlet exports following data columns. However, not all columns will be present for each activity. For details on exported column for different activities, it is recommended to check the activities on [Activity Explorer](https://learn.microsoft.com/en-us/purview/data-classification-activity-explorer) +- Activity +- Happened +- RecordIdentity +- Workload +- User +- FilePath +- HowApplied +- HowAppliedDetail +- LabelEventType +- ClientIP +- FileExtension +- FileType +- SensitivityLabel +- OldSensitivityLabel +- SensitivityLabelPolicyId +- RetentionLabel +- OldRetentionLabel +- SourceLocationType +- DestinationLocationType +- Platform +- ProductVersion +- Application +- ProcessName +- DeviceName +- MDATPDeviceId +- Sha1 +- Sha256 +- ParentArchiveHash +- EnforcementMode +- Justification +- OriginatingDomain +- PreviousFileName +- PreviousFilePath +- TargetPrinterName +- TargetDomain +- TargetFilePath +- FileSize +- RMSEncrypted +- IRMContentId +- SensitiveInfoTypeData +- SensitiveInfoTypeBucketsData +- PolicyId +- PolicyName +- PolicyMode +- RuleId +- RuleName +- RuleActions +- MatchedWithV1DetailedScheme +- Manufacturer +- SerialNumber +- Model +- Sender +- Subject +- Receivers +- UserSku +- DataState +- ProtectionEventType +- ProtectionType +- TemplateId +- IsProtected +- IsProtectedBefore +- ProtectionOwner +- PreviousProtectionOwner +- ArtifactType +- UserType +- GroupId +- GroupName +- AssociatedAdminUnits +- EndpointOperation +- Hidden +- JitTriggered +- DlpPolicyMatchId +- EvaluationTime +- AuthorizedGroupId +- AuthorizedGroupName +- GroupType +- EntityProperties +- VpnServerAddress +- VpnNetworkAddress +- 
IsCorporateNetwork +- StorageName +- FullUrl +- FalsePositive +- Reason + ## EXAMPLES ### Example 1 From ed28c50c1036c78e754be73f9eb09a9054e73dbd Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Wed, 16 Jul 2025 08:04:01 -0700 Subject: [PATCH 2/2] Update Export-ActivityExplorerData.md --- .../exchange/Export-ActivityExplorerData.md | 174 +++++++++--------- 1 file changed, 87 insertions(+), 87 deletions(-) diff --git a/exchange/exchange-ps/exchange/Export-ActivityExplorerData.md b/exchange/exchange-ps/exchange/Export-ActivityExplorerData.md index b262926f1f..78b9dd23dd 100644 --- a/exchange/exchange-ps/exchange/Export-ActivityExplorerData.md +++ b/exchange/exchange-ps/exchange/Export-ActivityExplorerData.md 
@@ -164,93 +164,6 @@ Valid activity filters include the following values: To use this cmdlet in Security & Compliance PowerShell, you need to be assigned permissions. For more information, see [Permissions in the Microsoft Purview compliance portal](https://learn.microsoft.com/purview/microsoft-365-compliance-center-permissions). -### Output -The cmdlet exports following data columns. However, not all columns will be present for each activity. For details on exported column for different activities, it is recommended to check the activities on [Activity Explorer](https://learn.microsoft.com/en-us/purview/data-classification-activity-explorer) -- Activity -- Happened -- RecordIdentity -- Workload -- User -- FilePath -- HowApplied -- HowAppliedDetail -- LabelEventType -- ClientIP -- FileExtension -- FileType -- SensitivityLabel -- OldSensitivityLabel -- SensitivityLabelPolicyId -- RetentionLabel -- OldRetentionLabel -- SourceLocationType -- DestinationLocationType -- Platform -- ProductVersion -- Application -- ProcessName -- DeviceName -- MDATPDeviceId -- Sha1 -- Sha256 -- ParentArchiveHash -- EnforcementMode -- Justification -- OriginatingDomain -- PreviousFileName -- PreviousFilePath -- TargetPrinterName -- TargetDomain -- TargetFilePath -- FileSize -- RMSEncrypted -- IRMContentId -- SensitiveInfoTypeData -- SensitiveInfoTypeBucketsData -- PolicyId -- PolicyName -- PolicyMode -- RuleId -- RuleName -- RuleActions -- MatchedWithV1DetailedScheme -- Manufacturer -- SerialNumber -- Model -- Sender -- Subject -- Receivers -- UserSku -- DataState -- ProtectionEventType -- ProtectionType -- TemplateId -- IsProtected -- IsProtectedBefore -- ProtectionOwner -- PreviousProtectionOwner -- ArtifactType -- UserType -- GroupId -- GroupName -- AssociatedAdminUnits -- EndpointOperation -- Hidden -- JitTriggered -- DlpPolicyMatchId -- EvaluationTime -- AuthorizedGroupId -- AuthorizedGroupName -- GroupType -- EntityProperties -- VpnServerAddress -- VpnNetworkAddress -- 
IsCorporateNetwork -- StorageName -- FullUrl -- FalsePositive -- Reason - ## EXAMPLES ### Example 1 
@@ -497,4 +410,91 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES The date-time field exported via this cmdlet is in Coordinated Universal Time (UTC). +The cmdlet exports following data columns. However, not all columns will be present for each activity. For details on exported column for different activities, we recommend checking the activities in [Activity Explorer](https://learn.microsoft.com/purview/data-classification-activity-explorer). + +- Activity +- Application +- ArtifactType +- AssociatedAdminUnits +- AuthorizedGroupId +- AuthorizedGroupName +- ClientIP +- DataState +- DestinationLocationType +- DeviceName +- DlpPolicyMatchId +- EndpointOperation +- EnforcementMode +- EntityProperties +- EvaluationTime +- FalsePositive +- FileExtension +- FilePath +- FileSize +- FileType +- FullUrl +- GroupId +- GroupName +- GroupType +- Happened +- Hidden +- HowApplied +- HowAppliedDetail +- IRMContentId +- IsCorporateNetwork +- IsProtected +- IsProtectedBefore +- JitTriggered +- Justification +- LabelEventType +- Manufacturer +- MatchedWithV1DetailedScheme +- MDATPDeviceId +- Model +- OldRetentionLabel +- OldSensitivityLabel +- OriginatingDomain +- ParentArchiveHash +- Platform +- PolicyId +- PolicyMode +- PolicyName +- PreviousFileName +- PreviousFilePath +- PreviousProtectionOwner +- ProcessName +- ProductVersion +- ProtectionEventType +- ProtectionOwner +- ProtectionType +- Reason +- Receivers +- RecordIdentity +- RetentionLabel +- RMSEncrypted +- RuleActions +- RuleId +- RuleName +- Sender +- SensitiveInfoTypeBucketsData +- SensitiveInfoTypeData +- SensitivityLabel +- SensitivityLabelPolicyId +- SerialNumber +- Sha1 +- Sha256 +- SourceLocationType +- StorageName +- Subject +- TargetDomain +- TargetFilePath +- TargetPrinterName +- TemplateId +- User +- UserSku +- UserType +- VpnNetworkAddress +- VpnServerAddress +- Workload + ## RELATED LINKS
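Review bot: In the [PATCH 1/2] hunk at `@@ -164,6 +164,93 @@`, the new `### Output` heading, the intro paragraph and the first list item `- Activity` are added on consecutive lines with no blank line between them. Markdown lint rules expect blank lines around headings and lists, and renderers differ on whether a list may start directly after a paragraph line, so add a blank line after the heading and another before the list. The intro sentence also ends at the link without a period. Its URL carries the `/en-us/` locale segment, unlike the permissions link just above it, so use `https://learn.microsoft.com/purview/data-classification-activity-explorer`. The 84 column names are in no evident order, which makes a given column hard to find; sort them alphabetically or group them by workload.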
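Review bot: The [PATCH 2/2] hunk at `@@ -164,93 +164,6 @@` deletes the whole `### Output` section, but the commit subject is still the generic `Update Export-ActivityExplorerData.md`. Nothing in the log records that this is a move into NOTES plus a re-sort rather than a content removal. State that in the commit message, and consider squashing with 1/2 so the history does not add 87 lines and delete the same 87 lines in the next commit. Because the list is reordered, the diff cannot show a line-for-line match. A manual count gives 84 column names on both the removed and the re-added side, which is worth noting in the PR description.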
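Review bot: In the [PATCH 2/2] hunk at `@@ -497,4 +410,91 @@`, the intro sentence added under NOTES keeps the wording problems from 1/2: `exports following data columns` should read "exports the following data columns", and `exported column for different activities` should read "exported columns for different activities". With the `### Output` heading dropped, the 84-item list now sits under NOTES directly after the unrelated UTC remark with no subheading of its own, so a reader scanning for the output schema has nothing to land on; a short subheading or a lead-in phrase naming it as the output column list would help. The list gives bare names only. Since it includes identifying fields such as `User`, `ClientIP`, `DeviceName`, `Sender`, `Receivers` and `Subject`, add a sentence telling administrators to store and share the exported file as sensitive data.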