In the example below, I’m creating a new service principal with the role “Log Analytics Reader” scoped just to the Log Analytics workspace where the AuditLogs are sent. You can do this easily from the Azure portal using CloudShell. Then, in order to automate sending a daily report, create a service principal in Azure AD with just the permissions necessary to read data from the Log Analytics workspace. You need a Log Analytics workspace, and you need to configure Diagnostics settings in the MEM portal to send AuditLogs to the workspace. Like the Admin Activity logs, System Event audit logs are held for 400 days before being deleted, while Policy Denied logs are deleted after just 30 days. Notice the Admin Activity logs are retained for 400 days, while Data Access logs are only retained for 30 days. Learn more about product audit logs in the Jira admin or Confluence admin. Go to Site Settings. Under the Site Collection Administration section, click Audit Log Reports. Choose the appropriate Report Type. Choose a location to save the report. You can retrieve these events by calling Activities.list() with applicationName=login. The table on your screen shows the retention period for each log type. The audit log tracks key activities that occur within the Atlassian organization. To view Audit Log Reports, you need to be a site collection administrator. You can do this with Graph (which actually gives you more data), but I decided to use Log Analytics for this instead. This document lists the events and parameters for various types of Login Audit activity events. In the Search for changes to administrator role groups page that opens, choose a Start date and End date (the default range is the past two weeks), and then choose Search.
I do this for Endpoint Configuration Manager with a daily email report built from admin status messages, so I decided to create something similar for Intune / MEM. Admin actions are already audited for you in MEM (Tenant Administration > Audit logs), so it’s simply a case of getting that data into an email report. Use the EAC to view the admin audit log: in the EAC, go to Compliance management > Auditing, and then choose Run the admin audit log report. In an environment where you have multiple admin users, it’s useful to audit admin activities so everyone can be aware of changes that others have made.