question

YuriVinokurov-3930 avatar image
0 Votes"
YuriVinokurov-3930 asked YuriVinokurov-3930 commented

Odd entries in Activity logs

Hello All,

I've found some odd entries in Activity logs that I can't recognize and explain at my current level of expertise.
93509-whatsapp-image-2021-05-03-at-220150.jpeg93565-whatsapp-image-2021-05-03-at-221051.jpeg93591-whatsapp-image-2021-05-03-at-221339.jpeg93510-whatsapp-image-2021-05-03-at-221455.jpeg93536-whatsapp-image-2021-05-03-at-221750.jpeg




Would you please assist with interpreting these? Subscription owner was hacked recently and now becomes a bit paranoid of all such stuff

azure-ad-audit-logs
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

JamesTran-MSFT avatar image
0 Votes"
JamesTran-MSFT answered YuriVinokurov-3930 commented

@YuriVinokurov-3930
Thank you for your post!

Microsoft.Management:
This is a create event, and it looks like a subscription might've been created or even associated with your Azure tenant.
93696-image.png


Create Role Assignment:
It looks like there was a Microsoft.Authorization/roleAssignments/write action that created a role assignment. This might be a custom role that was created since I wasn't able to find the built-in role ID using any of the IDs within your JSON screenshot.
93670-image.png


When it comes to protecting your Subscription Owners Azure account I'd recommend enabling Azure AD Security Defaults. Security defaults make it easier to help protect your organization from attacks with preconfigured security settings. For more info.


Additional Links:
Azure AD audit activity reference
View activity logs to monitor actions on resources



I hope this helps! If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


image.png (59.6 KiB)
image.png (121.2 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@YuriVinokurov-3930
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

0 Votes 0 ·

Thanks, James - at least now I know where to dig!

0 Votes 0 ·