![]() ![]() ![]() $output = Invoke-RestMethod -Uri $request -Method Get -ContentType "application/json" -Headers $authHeaderĪnd in the output still, don't see info about the group to which the user has been added. I used Rest API in order to catch the needed information: $request = "" Get-AzureADAuditDirectoryLogs -Filter "activityDateTime gt " | where-object activitydisplayname -eq "remove member from group" OneDrive for Business, Azure Active Directory, Microsoft Teams, Power BI. Is there a method for catching this info -> (D) using mentioned PowerShell command? below, the command I used: Get-AzureADAuditDirectoryLogs -Filter "activityDateTime gt " | where-object activitydisplayname -eq "Add member to group" | fl * This Integration is part of the Office 365 and Azure (Audit Log) Pack. I checked all "Id" from the output but I didn't find Directory Roles IDs. And as an output I can get only: A) B) and C). Select Azure Active Directory > Audit logs. An Event Hubs namespace and an event hub in your Azure subscription. I updated AD module on Azure portal, now I have AzureADPreview, and I am using cmd-let -> Get-AzureADAuditDirectoryLogs. A user who's a Global Administrator or Security Administrator for the Azure AD tenant. The logs are preserved for 90 days in Azure’s Event Logs store. You can also access this through the Azure Insights SDK, PowerShell, REST API and CLI. It includes system and user generated events. I need to get info about changes made on Directory roles (for example Global Administrator) I need details like, username - A) user who made a change, B) timestamp, C) action - add a user to a group or remove, D) name of the group to which user has been added. In a nutshell, Azure Audit Logs is the go-to place to view all control plane events/logs from all Azure resources. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |