View activity and audit history for Azure resource roles in PIM

With Azure Active Directory (Azure AD) Privileged Identity Management (PIM), you can view activity, activations, and audit history for Azure resource roles within your organization. This includes subscriptions, resource groups, and even virtual machines. Any resource within the Azure portal that leverages the Azure role-based access control (RBAC) functionality can take advantage of the security and lifecycle management capabilities in PIM.

View activity and activations

To see what actions a specific user took in various resources, you can view the Azure resource activity that's associated with a given activation period.

  1. Open Azure AD Privileged Identity Management.

  2. Click Azure resources.

  3. Click the resource you want to view activity and activations for.

  4. Click Roles or Members.

  5. Click a user.

    You see a graphical view of the user's actions in Azure resources by date. It also shows the recent role activations over that same time period.

    User details with resource activity summary and role activations

  6. Click a specific role activation to see details and corresponding Azure resource activity that occurred while that user was active.

    Role activation selected and activity details displayed by date

Export role assignments with children

You may have a compliance requirement where you must provide a complete list of role assignments to auditors. PIM enables you to query role assignments at a specific resource, which includes role assignments for all child resources. Previously, it was difficult for administrators to get a complete list of role assignments for a subscription and they had to export role assignments for each specific resource. Using PIM, you can query for all active and eligible role assignments in a subscription including role assignments for all resource groups and resources.

  1. Open Azure AD Privileged Identity Management.

  2. Click Azure resources.

  3. Click the resource you want to export role assignments for, such as a subscription.

  4. Click Members.

  5. Click Export to open the Export membership pane.

    Export membership pane to export all members

  6. Click Export all members to export all role assignments in a CSV file.

    Exported role assignments in CSV file as displayed in Excel
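
Once the CSV is exported, an audit review can start by counting assignments per scope level and state, then listing active high-privilege assignments that have no end time. The script below is an added example, not part of the original page or of PIM. The column names, the high-privilege role set, and the sample rows are assumptions constructed for illustration; replace the column names with the header row of your own export.

```python
import csv
import io
from collections import Counter

# Assumed column names; replace with the header row of your own export.
COL_MEMBER, COL_ROLE, COL_SCOPE, COL_STATE, COL_END = (
    "Member", "Role", "ResourceId", "AssignmentState", "EndTime")
HIGH_PRIVILEGE = {"Owner", "Contributor", "User Access Administrator"}

# Constructed sample rows, not real export data.
SAMPLE_CSV = """Member,Role,ResourceId,AssignmentState,EndTime
alice@example.com,Owner,/subscriptions/0000,Eligible,2030-01-01
bob@example.com,Owner,/subscriptions/0000/resourceGroups/rg-app,Active,
carol@example.com,Reader,/subscriptions/0000/resourceGroups/rg-app,Active,
dave@example.com,Contributor,/subscriptions/0000/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/vm1,Active,2030-01-01
"""

def scope_level(resource_id):
    """Classify an Azure resource ID as subscription, resource group or resource."""
    parts = [p.lower() for p in resource_id.strip("/").split("/")]
    if "providers" in parts:
        return "resource"
    if "resourcegroups" in parts:
        return "resource group"
    return "subscription"

def review(csv_text):
    """Return (counts by level and state, standing high-privilege assignments)."""
    counts, findings = Counter(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        level = scope_level(row[COL_SCOPE])
        state = row[COL_STATE].strip().lower()
        counts[(level, state)] += 1
        # Active, high-privilege and no end time: standing access to justify.
        if (state == "active" and row[COL_ROLE] in HIGH_PRIVILEGE
                and not row[COL_END].strip()):
            findings.append((row[COL_MEMBER], row[COL_ROLE], level))
    return counts, findings

if __name__ == "__main__":
    counts, findings = review(SAMPLE_CSV)
    for (level, state), n in sorted(counts.items()):
        print(f"{level:15} {state:9} {n}")
    for member, role, level in findings:
        print(f"REVIEW: {member} holds {role} permanently at {level} scope")
```
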

View resource audit history

Resource audit gives you a view of all role activity for a resource.

  1. Open Azure AD Privileged Identity Management.

  2. Click Azure resources.

  3. Click the resource you want to view audit history for.

  4. Click Resource audit.

  5. Filter the history using a predefined date or custom range.

    Resource audit list with filters

  6. For Audit type, select Activate (Assigned + Activated).

    Resource audit list that is filtered by Activate audit type

  7. Under Action, click (activity) for a user to see that user's activity detail in Azure resources.

    User activity details for a particular action

View my audit

My audit enables you to view your personal role activity.

  1. Open Azure AD Privileged Identity Management.

  2. Click Azure resources.

  3. Click the resource you want to view audit history for.

  4. Click My audit.

  5. Filter the history using a predefined date or custom range.

    Audit list for the current user
