You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/role-based-access-control/elevate-access-global-admin.md
+6-9Lines changed: 6 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -339,11 +339,11 @@ When you call `elevateAccess`, you create a role assignment for yourself, so to
339
339
340
340
## View elevate access log entries
341
341
342
-
When access is elevated, an entry is added to the logs. As an administrator in Microsoft Entra ID, you might want to check when access was elevated and who did it. Elevate access log entries appear in both the directory audit logs and the directory activity logs. This section describes different ways that you can view the elevate access log entries.
342
+
When access is elevated or removed, an entry is added to the logs. As an administrator in Microsoft Entra ID, you might want to check when access was elevated and who did it.
343
343
344
-
### Differences between log types
344
+
Elevate access log entries appear in both the directory audit logs and the directory activity logs. Elevated access log entries for directory audit logs and directory activity logs include similar information. However, the directory audit logs are easier to filter and export. Also, the export capability enables you to stream access events, which can be used for your alert and detection solutions, such as Microsoft Sentinel or other systems.
345
345
346
-
Elevated access log entries for directory audit logs and directory activity logs include similar information. However, the directory audit logs are easier to filter and export. The export capability enables you to stream access events, which can be used for your alert and detection solutions such as Microsoft Sentinel or other systems.
346
+
This section describes different ways that you can view the elevate access log entries.
@@ -362,17 +362,14 @@ Elevated access log entries for directory audit logs and directory activity logs
362
362
363
363
:::image type="content" source="./media/elevate-access-global-admin/entra-id-audit-logs-filter.png" alt-text="Screenshot of directory audit logs with Service filter set to Azure RBAC (Elevated Access)." lightbox="./media/elevate-access-global-admin/entra-id-audit-logs-filter.png":::
364
364
365
-
1. To view when access was elevated, select one of the following audit logs to view the details.
365
+
1. To view details when access was elevated or removed, select these audit log entries.
366
366
367
367
`User has elevated their access to User Access Administrator for their Azure Resources`
368
+
`The role assignment of User Access Administrator has been removed from the user`
368
369
369
370
:::image type="content" source="./media/elevate-access-global-admin/entra-id-audit-logs-elevated-details.png" alt-text="Screenshot of directory audit logs that shows audit log details when access is elevated." lightbox="./media/elevate-access-global-admin/entra-id-audit-logs-elevated-details.png":::
370
371
371
-
1. To view when elevated access was removed, select one of the following audit logs to view the details.
372
-
373
-
`The role assignment of User Access Administrator has been removed from the user`
374
-
375
-
1. To download and view the payload of the events in the JSON format, select **Download** and **JSON**.
372
+
1. To download and view the payload of the log entries in JSON format, select **Download** and **JSON**.
376
373
377
374
:::image type="content" source="./media/elevate-access-global-admin/entra-id-audit-logs-download.png" alt-text="Screenshot of directory audit logs that shows the Download Audit Logs pane to download logs." lightbox="./media/elevate-access-global-admin/entra-id-audit-logs-download.png":::
0 commit comments