Forum Discussion
Old ATP portal - activities overview
Hi,
I often use the "Activities" overview in the old ATP portal (When I lookup a user) - it gives a quick overview of what a uses actions. But successful and failed - can often be helpful when troubleshooting.
But since the ATP portal is being redirected to the security portal - where do I find similar information in the security portal?
There is a timeline under the user page - but that info seems to come from cloud app security and doesn't contain the same information.
- AzureGuineaPigCopper ContributorThe best thing MS can do is bring back the activities timeline view, with all the "security alerts" and "activities by type" categories in a single pain of glass.
- LiorShapiraMicrosoftThe new Identity timeline as part of the User page in M365D portal represents activities from MDI/MDE/MDA. The same activities that you're seeing in the legacy portal should be available in the new user timeline too.
In the next coming weeks, an "Activity type" filter will be available, and I assume it will help you to look specifically for failed and successful log on events related to a user.
For any other feedback or question regarding the timeline, please contact me directly and I'll be happy to assist: t-lshapira@microsoft.com- Jens_ManderCopper ContributorHi ll,
I am also missing the timeline for AD-groups. In the past (in the old portal) I often took a look at timelines of groups to see for example who added users to this group. Is this information still available anywhere? advanced hunting?
Cheers, Jens...- LiorShapiraMicrosoft
Hi Jens,
Yes, you can use Advanced Hunting to see those changes and look for a specific group.
For example:
IdentityDirectoryEvents
| where ActionType =="Group Membership changed"
| extend RemoveFromGroupName=AdditionalFields['FROM.GROUP']
| extend AddToGroupName=AdditionalFields['TO.GROUP']
| where RemoveFromGroupName =="Users" or AddToGroupName =="Users"
In addition, we are working on adding this information to the User timeline (for both users involved in this activity).