View update and sign-in activities for managed identities

This article explains how to view updates carried out to managed identities, and sign-in attempts made by managed identities.

Prerequisites

View updates made to user-assigned managed identities

This procedure demonstrates how to view updates carried out to user-assigned managed identities.

  1. In the Azure portal, browse to Activity Log.

Screenshot showing how to browse to the activity log in the Azure portal

  2. Select the Add Filter search pill and select Operation from the list.

Screenshot showing how to start building the search filter

  3. In the Operation dropdown list, enter these operation names: "Delete User Assigned Identity" and "Write UserAssignedIdentities".

Screenshot showing how to add operations to the search filter

  4. When matching operations are displayed, select one to view the summary.

Screenshot showing the summary of the operation

  5. Select the JSON tab to view more detailed information about the operation, and scroll to the properties node to view information about the identity that was modified.

Screenshot showing operation details

View role assignments added and removed for managed identities

Note

You will need to search by the object (principal) ID of the managed identity whose role assignment changes you want to view.

  1. Locate the managed identity you wish to view the role assignment changes for. If you're looking for a system-assigned managed identity, the object ID will be displayed in the Identity screen under the resource. If you're looking for a user-assigned identity, the object ID will be displayed in the Overview page of the managed identity.

User-assigned identity:

Screenshot showing how to get the object ID of user-assigned identity

System-assigned identity:

Screenshot showing how to get the object ID of system-assigned identity

  2. Copy the object ID.
  3. Browse to the Activity log.

Screenshot showing how to browse to the activity log in the Azure portal

  4. Select the Add Filter search pill and select Operation from the list.

Screenshot showing how to start building the search filter

  5. In the Operation dropdown list, enter these operation names: Create role assignment and Delete role assignment.

Screenshot showing how to add role assignment operations to the search filter

  6. Paste the object ID in the search box; the results will be filtered automatically.

Screenshot showing how to search by object ID

  7. When matching operations are displayed, select one to view the summary.

Screenshot showing the summary of role assignment for managed identity
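
The same filter can be applied offline to Activity Log events exported as JSON. The following is an added example, not part of the original article or Microsoft's own code; it assumes each event carries `operationName.value`, `eventTimestamp`, `caller`, and a `properties.requestbody` or `properties.responseBody` JSON string containing the `principalId`. The helper names and sample events are constructed for illustration.

```python
import json

# operationName.value strings behind the two portal filter entries used above.
ROLE_OPS = {
    "microsoft.authorization/roleassignments/write": "Create role assignment",
    "microsoft.authorization/roleassignments/delete": "Delete role assignment",
}

def _lower_keys(obj):
    """Lower-case dict keys; bodies are raw client JSON, so key casing varies."""
    return {str(k).lower(): v for k, v in obj.items()} if isinstance(obj, dict) else {}

def _bodies(props):
    """Yield the request/response bodies, which are embedded as JSON strings."""
    for key in ("requestbody", "responsebody"):
        raw = props.get(key)
        try:
            yield _lower_keys(json.loads(raw) if isinstance(raw, str) else raw)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON body: skip it, keep scanning

def role_assignment_changes(events, object_id):
    """Return create/delete role assignment events whose principalId is object_id."""
    hits = []
    for ev in events:
        op = str(_lower_keys(ev.get("operationName")).get("value") or "").lower()
        if op not in ROLE_OPS:
            continue  # not one of the two role assignment operations
        for body in _bodies(_lower_keys(ev.get("properties"))):
            inner = _lower_keys(body.get("properties"))
            if str(inner.get("principalid", "")).lower() == object_id.lower():
                hits.append({"time": ev.get("eventTimestamp"), "caller": ev.get("caller"),
                             "operation": ROLE_OPS[op], "role": inner.get("roleddefinitionid".replace("dd", "d"))})
                break  # one hit per event is enough
    return hits

# Constructed sample events (assumed export shape); OID is a made-up object ID.
OID = "11111111-2222-3333-4444-555555555555"
W, D = "Microsoft.Authorization/roleAssignments/write", "Microsoft.Authorization/roleAssignments/delete"
def _ev(op, key, body):
    return {"eventTimestamp": "2024-01-01T00:00:00Z", "caller": "admin@example.com",
            "operationName": {"value": op}, "properties": {key: body}}
SAMPLE_EVENTS = [
    _ev(W, "requestbody", json.dumps({"properties": {"principalId": OID, "roleDefinitionId": "role-a"}})),
    _ev(D, "responseBody", json.dumps({"Properties": {"PrincipalId": OID.upper(), "RoleDefinitionId": "role-a"}})),
    _ev(W, "requestbody", json.dumps({"properties": {"principalId": "other-id", "roleDefinitionId": "role-b"}})),
    _ev(W, "requestbody", '{"properties": {"principalId": "' + OID),  # truncated body
]

if __name__ == "__main__": print(role_assignment_changes(SAMPLE_EVENTS, OID))
```

The truncated fourth event is skipped rather than matched, so a hit always rests on a fully parsed `principalId`.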

View authentication attempts by managed identities

  1. Browse to Microsoft Entra ID.

Screenshot showing how to browse to active directory

  2. Select Sign-in logs from the Monitoring section.

Screenshot showing sign-in logs selection

  3. Select the Managed identity sign-ins tab.

Screenshot of the managed identities activity section showing all columns

  4. To view the identity's Enterprise application in Microsoft Entra ID, select the "Managed Identity ID" column.
  5. To view the Azure resource or user-assigned managed identity, search by name in the search bar of the Azure portal.

Screenshot showing managed identity sign-in events

Note

Since managed identity authentication requests originate within the Azure infrastructure, the IP Address value is excluded here.
