Forum Discussion
Azure AD PIM - Question on effective time usage of eligible roles after their JIT Activation
Hi Community, Using Azure AD PIM, suppose I have a role (example: Security Administrator) set as permanent eligible with "Activation maximum duration (hours)" = "8hrs". Suppose I usually activate t...
psal88 there is an audit logs view in Azure AD that shows all the activity performed by the users . you can filter by user , service , activity and date. So , if the aim to know how much the user used his eligible role during the 8 hours from the activation time , you can filter by this user and check first activity after activation and last activity , then you would realize how much time he used his eligible role within those 8 hours
Thanks elikarkafy, but how can I understand from the logs that the activities performed by the user are actually those (and only those) which are permitted by the role (e.g. Security Administrator)?
Thanks,
Paolo
PaoloSala88as I understand that your security administrator role is granted with specific access to some of your azure resources then you can use the azure resource activity in PIM . please refer to the below link to see how