Exercise - View activity logs for RBAC changes
First Up Consultants reviews role-based access control (RBAC) changes quarterly for auditing and troubleshooting purposes. You know that changes get logged in Azure Activity Log. Your manager has asked if you can generate a report of the role assignment and custom role changes for the last month.
View activity logs
The easiest way to get started is to view the activity logs with the Azure portal.
Click All services and then find Activity log.
Click Activity log to open the activity log.
Set the Timespan filter to Last month.
Add an Operation filter and type role to filter the list.
Select the following RBAC operations:
- Create role assignment (roleAssignments)
- Delete role assignment (roleAssignments)
- Create or update custom role definition (roleDefinitions)
- Delete custom role definition (roleDefinitions)
After a few moments, you'll see all the role assignment and role definition operations for the last month. It also includes a link to download the activity log as a CSV file.
Click one of the operations to see the activity log details.
In this unit, you learned how to use Azure Activity Log to list RBAC changes in the portal and generate a simple report.