View audit history for Azure AD roles in PIM

You can use the Azure Active Directory (Azure AD) Privileged Identity Management (PIM) audit history to see all the role assignments and activations within the past 30 days for all privileged roles. If you want to see the full audit history of activity in your directory, including administrator, end user, and synchronization activity, you can use the Azure Active Directory security and activity reports.

View audit history

Follow these steps to view the audit history for Azure AD roles.

  1. Sign in to Azure portal with a user that is a member of the Privileged Role Administrator role.

  2. Open Azure AD Privileged Identity Management.

  3. Click Azure AD roles.

  4. Click Directory roles audit history.

    Depending on your audit history, a column chart is displayed along with the total activations, max activations per day, and average activations per day.

    Directory roles audit history

    At the bottom of the page, a table is displayed with information about each action in the available audit history. The columns have the following meanings:

    Column Description
    Time When the action occurred.
    Requestor User who requested the role activation or change. If the value is Azure System, check the Azure audit history for more information.
    Action Actions taken by the requestor. Actions can include Assign, Unassign, Activate, Deactivate, or AddedOutsidePIM.
    Member User who is activating or assigned to a role.
    Role Role assigned or activated by the user.
    Reasoning Text that was entered into the reason field during activation.
    Expiration When an activated role expires. Applies only to eligible role assignments.
  5. To sort the audit history, click the Time, Action, and Role buttons.

Filter audit history

  1. At the top of the audit history page, click the Filter button.

    The Update chart parameters pane appears.

  2. In Time range, select a time range.

  3. In Roles, add checkmarks for the roles you want to view.

    Update chart parameters pane

  4. Click Done to view the filtered audit history.

Next steps