[英]How to check user activity logs from Azure AD
Is there any ways to see the user logs?有什么方法可以查看用户日志吗? I know, there are two options which given "Signin logs" and "Audit logs" form "Users".
我知道,有两个选项从“用户”中给出“登录日志”和“审核日志”。 However, i think that is not sufficient.
但是,我认为这还不够。
For example, some of the users complains,例如,一些用户抱怨,
- they had access to Azure subscription and now its removed.
他们可以访问 Azure 订阅,现在已删除。
- they has access to access package and now its removed etc...
他们有权访问 package,现在它已被删除等...
However, when I'm trying to find those from "Signin logs" or "audit logs" I don't see any such details.但是,当我尝试从“登录日志”或“审核日志”中查找这些信息时,我看不到任何此类详细信息。
My question is, is there any way, I just give the user's email ID and get all the details ( what subscription assigned and when? what access package assigned and when? when user logged in and what activities performed? etc..) about user from the Azure portal?我的问题是,有什么办法吗,我只提供用户的 email ID 并获取有关用户的所有详细信息(分配了什么订阅,何时分配?package 分配了什么访问权限,何时分配?用户何时登录以及执行了哪些活动?等等)来自 Azure 门户? or lets say, when someone got access to certain resources and when the access removed?
或者说,当某人获得某些资源的访问权限以及访问权限何时被删除?
they had acecss to Azure subscription and now its removed.
他们可以访问 Azure 订阅,现在已删除。
This could mean that their role assignment was deleted which will show up in the Activity Log of the subscription.这可能意味着他们的角色分配已删除,这将显示在订阅的活动日志中。 Activity logs are just kept for a certain time so if you want to keep it for longer and allow a better way to search through it, send it to a permanent storage .
活动日志只会保留一段时间,因此如果您想保留更长时间并允许更好的搜索方式, 请将其发送到永久存储。
Or they were removed from an AAD group which has access to the subscription, this will show up in the Audit logs of AAD.或者它们已从有权访问订阅的 AAD 组中删除,这将显示在 AAD 的审核日志中。
You can send those logs to the same Log Analytics workspace and query it.您可以将这些日志发送到同一个 Log Analytics 工作区并进行查询。 For example, to see the group membership changes for a user "user@test.com" who has a User Principal Name of "user_test.com" in the tenant you could use
例如,要查看租户中用户主体名称为“user_test.com”的用户“user@test.com”的组成员身份更改,您可以使用
AuditLogs
| where Category == "GroupManagement"
| where TargetResources has "user_test.com"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.