question

Mattiv36 avatar image
0 Votes"
Mattiv36 asked JamesTran-MSFT edited

Azure PIM Logs

HI All,

Looking to automate the export of PIM logs (Activiation, Approvals, Role ammendments etc) into a storage account or loganalytics workspace where they can be retained for an undefined amount of time potentially 5 years. I undertstand you can click the export button but doing this manually once a month or however often ist scalable long term.

All the best,
Matt

azure-active-directoryazure-ad-audit-logsazure-ad-privileged-identity-management
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JamesTran-MSFT avatar image
1 Vote"
JamesTran-MSFT answered JamesTran-MSFT edited

@Mattiv36
Thank you for your post!

My team and I weren't able to find any documentation regarding the automation of exporting PIM logs into a storage account or workspace. However, I did find a PIM REST API that might help you gather audit events.


If you want to see the full audit history of activity in your Azure Active Directory (Azure AD) organization, including administrator, end user, and synchronization activity, you can use the Azure Active Directory security and activity reports. You can also integrate Azure AD logs with Azure Monitor logs, which allows you to query data to find particular events, analyze trends, and perform correlation across various data sources.


Since this feature isn't available as of now, I'd recommend leveraging our user voice forum so our engineering team can look into implementing your feature request.

Current User Voice item - Support Diagnostic Settings for PIM Audit Logs


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JobyK-0495 avatar image
0 Votes"
JobyK-0495 answered

How to send logs from PIM to Defender or Splunk , Please share us the steps

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.