ErikAndersson-2453 asked michev commented

Audit logs - Target missing during the activity "Remove member from group"

Azure AD audit logs don't seem to log the group-id as a target during the activity "Remove member from group". Any idea if this is intended or not?

It's a bit weird that you can't see logs for removed members in AAD > Groups > group_name > Audit log but you can see the "Add member to group"-activity

Seen this in two different tenants now.

Example of a removed member-log:
83548-image.png
83549-image.png

Example of an add member-log:
83550-image.png
83635-image.png



1 Answer

michev answered michev commented

Should be under Modified properties.


It is, but since the group is not added as a target, the audit logs for the groups don't show this entry, which is a bit misleading.

For example if I go to AAD > Groups > group_name > Audit logs I only see the "Add member to group"-activity:

83636-image.png

But if I go to AAD > Audit logs I can see both entries:

83637-image.png


michev (reply to ErikAndersson-2453):

Yeah I never understood how the "task-specific" audit log experiences are supposed to work, I just stick to the "general" one on the AAD blade.

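An added example, not part of the original thread and not Microsoft's code: when reviewing exported audit records for one group, match on the group ID in the modified properties as well as in the targets, so removals are not missed. It assumes records in the Microsoft Graph `directoryAudit` JSON shape, and that the group appears as a `Group.ObjectID` modified property with a JSON-quoted value; all IDs are constructed.

```python
import json

# Constructed sample records (made-up IDs), shaped like Graph directoryAudit entries.
# Assumption: the group is recorded in modifiedProperties as "Group.ObjectID",
# JSON-quoted, in newValue on add and in oldValue on remove.
GROUP = "11111111-1111-1111-1111-111111111111"
USER = "22222222-2222-2222-2222-222222222222"
SAMPLE = [
    {"activityDisplayName": "Add member to group", "targetResources": [
        {"type": "User", "id": USER, "modifiedProperties": [
            {"displayName": "Group.ObjectID", "oldValue": None, "newValue": json.dumps(GROUP)}]},
        {"type": "Group", "id": GROUP, "modifiedProperties": []}]},
    {"activityDisplayName": "Remove member from group", "targetResources": [
        {"type": "User", "id": USER, "modifiedProperties": [
            {"displayName": "Group.ObjectID", "oldValue": json.dumps(GROUP), "newValue": None}]}]},
]

def _unquote(value):
    """Decode a JSON-quoted property value; pass plain strings through unchanged."""
    if not value:
        return None
    try:
        decoded = json.loads(value)
    except (TypeError, ValueError):
        return value
    return decoded if isinstance(decoded, str) else value

def group_ids(record):
    """Group IDs a record refers to, from Group targets and from modified properties."""
    found = set()
    for target in record.get("targetResources") or []:
        if target.get("type") == "Group" and target.get("id"):
            found.add(target["id"].lower())
        for prop in target.get("modifiedProperties") or []:
            if prop.get("displayName") == "Group.ObjectID":
                for raw in (prop.get("oldValue"), prop.get("newValue")):
                    gid = _unquote(raw)
                    if gid:
                        found.add(gid.lower())
    return found

def membership_events(records, group_id):
    """Activities that touch group_id, including ones where it is not a target."""
    return [r["activityDisplayName"] for r in records if group_id.lower() in group_ids(r)]

def target_only_events(records, group_id):
    """Model of a target-only filter, i.e. the per-group view described in the thread."""
    return [r["activityDisplayName"] for r in records
            if any(t.get("type") == "Group" and (t.get("id") or "").lower() == group_id.lower()
                   for t in r.get("targetResources") or [])]
```

On the sample, `target_only_events` returns only the add, while `membership_events` returns both the add and the removal.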