Forum Discussion
Old ATP portal - activities overview
I am also missing the timeline for AD-groups. In the past (in the old portal) I often took a look at timelines of groups to see for example who added users to this group. Is this information still available anywhere? advanced hunting?
Cheers, Jens...
MicrosoftHi Jens,
Yes, you can use Advanced Hunting to see those changes and look for a specific group.
For example:
IdentityDirectoryEvents
| where ActionType =="Group Membership changed"
| extend RemoveFromGroupName=AdditionalFields['FROM.GROUP']
| extend AddToGroupName=AdditionalFields['TO.GROUP']
| where RemoveFromGroupName =="Users" or AddToGroupName =="Users"
In addition, we are working on adding this information to the User timeline (for both users involved in this activity).
this query shows "only" who has been added or removed to/from a group. A bit like described in this article: Track changes to sensitive groups with Advanced Hunting in Microsoft 365 Defender - Microsoft Community Hub
But in the old portal, regarding the timeline of an on-premises Active Directory Group, I also could see who has added/removed the user, even when the group wasn't marked as sensitive.Here a screenshot from "older days".
Cheers, Jens...
- LiorShapiraAs I mentioned above, we are working on adding the same information to the new User timeline, and also adding the ability to filter and look for a specific activity such as "group membership changed" (for both sensitive/non-sensitive groups, in Advanced hunting is already for both).
LiorShapira So MSFT forced everyone to use the "new" portal before they had full functionality? Great user experience...
- Thx alot, will try it soon. Cheers, Jens...
