How to check user activity logs from Azure AD
Question
Is there any ways to see the user logs? I know, there are two options which given "Signin logs" and "Audit logs" form "Users". However, i think that is not sufficient.
For example, some of the users complains,
- they had access to Azure subscription and now its removed.
- they has access to access package and now its removed etc...
However, when I'm trying to find those from "Signin logs" or "audit logs" I don't see any such details.
My question is, is there any way, I just give the user's email ID and get all the details ( what subscription assigned and when? what access package assigned and when? when user logged in and what activities performed? etc..) about user from the Azure portal? or lets say, when someone got access to certain resources and when the access removed?
1 answers
solution1
0 2022-02-18 17:03:11
they had acecss to Azure subscription and now its removed.
This could mean that their role assignment was deleted which will show up in the Activity Log of the subscription. Activity logs are just kept for a certain time so if you want to keep it for longer and allow a better way to search through it, send it to a permanent storage .
Or they were removed from an AAD group which has access to the subscription, this will show up in the Audit logs of AAD.
You can send those logs to the same Log Analytics workspace and query it. For example, to see the group membership changes for a user "user@test.com" who has a User Principal Name of "user_test.com" in the tenant you could use
AuditLogs
| where Category == "GroupManagement"
| where TargetResources has "user_test.com"
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.