堆栈内存溢出
  简体   繁体   English

如何查看来自 Azure AD 的用户活动日志

[英]How to check user activity logs from Azure AD

 原文  2022-02-18 08:00:42       azure/ azure-active-directory

问题描述

Is there any ways to see the user logs?有什么方法可以查看用户日志吗? I know, there are two options which given "Signin logs" and "Audit logs" form "Users".我知道,有两个选项从“用户”中给出“登录日志”和“审核日志”。 However, i think that is not sufficient.但是,我认为这还不够。

For example, some of the users complains,例如,一些用户抱怨,

  1. they had access to Azure subscription and now its removed.他们可以访问 Azure 订阅,现在已删除。
  2. they has access to access package and now its removed etc...他们有权访问 package,现在它已被删除等...

However, when I'm trying to find those from "Signin logs" or "audit logs" I don't see any such details.但是,当我尝试从“登录日志”或“审核日志”中查找这些信息时,我看不到任何此类详细信息。

My question is, is there any way, I just give the user's email ID and get all the details ( what subscription assigned and when? what access package assigned and when? when user logged in and what activities performed? etc..) about user from the Azure portal?我的问题是,有什么办法吗,我只提供用户的 email ID 并获取有关用户的所有详细信息(分配了什么订阅,何时分配?package 分配了什么访问权限,何时分配?用户何时登录以及执行了哪些活动?等等)来自 Azure 门户? or lets say, when someone got access to certain resources and when the access removed?或者说,当某人获得某些资源的访问权限以及访问权限何时被删除?

1 个解决方案

解决方案1
 0  2022-02-18 17:03:11

they had acecss to Azure subscription and now its removed.他们可以访问 Azure 订阅,现在已删除。

This could mean that their role assignment was deleted which will show up in the Activity Log of the subscription.这可能意味着他们的角色分配已删除,这将显示在订阅的活动日志中。 Activity logs are just kept for a certain time so if you want to keep it for longer and allow a better way to search through it, send it to a permanent storage .活动日志只会保留一段时间,因此如果您想保留更长时间并允许更好的搜索方式, 请将其发送到永久存储

在此处输入图像描述

Or they were removed from an AAD group which has access to the subscription, this will show up in the Audit logs of AAD.或者它们已从有权访问订阅的 AAD 组中删除,这将显示在 AAD 的审核日志中。

在此处输入图像描述

You can send those logs to the same Log Analytics workspace and query it.您可以将这些日志发送到同一个 Log Analytics 工作区并进行查询。 For example, to see the group membership changes for a user "user@test.com" who has a User Principal Name of "user_test.com" in the tenant you could use例如,要查看租户中用户主体名称为“user_test.com”的用户“user@test.com”的组成员身份更改,您可以使用

AuditLogs
| where Category == "GroupManagement"
| where TargetResources has "user_test.com"

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 从 Azure Runbook 创建 Azure AD 用户 - Creating Azure AD user from Azure Runbook 如何检查来自非图形 Azure AD 令牌的用户是否是 APIM 策略中 email 分发列表的成员 - How do I check if the user from a non-Graph Azure AD token is a member of an email distribution list in an APIM policy 通过 web 活动从 azure 广告获取群组成员 - get group members from azure ad via web activity 如何从blazor app调用Azure AD B2C edit profile user flow? - How to call Azure AD B2C edit profile user flow from blazor app? 如何在Flutter移动应用程序中将Azure AD用户登录到Firebase? - How to sign a Azure AD user into Firebase in a Flutter mobile app? 如何从客户端获取登录用户的 access_token? 使用Azure AD B2C混合流 - How to get access_token from client side for signed in user? using Azure AD B2C hybrid flow Azure AD 使用密码创建来宾用户 - Azure AD Create guest user with password 无法列出 azure 广告用户的属性 (createddatetime) - unable to list the properties of azure ad user (createddatetime) 如何将备份日志(1 年保留日志)从日志分析工作区移动到 azure 存储帐户 - How to move backup logs (1 year retention logs) from log analytics workspace to azure storage account 如何将多个 Azure AD 用户数据与后端数据聚合? - How to aggregate multiple Azure AD users data with data from backend?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM