Home

Azure AD reports access

%3CLINGO-SUB%20id%3D%22lingo-sub-125442%22%20slang%3D%22en-US%22%3EAzure%20AD%20reports%20access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-125442%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%20All%2C%3C%2FP%3E%3CP%3EI%20need%20some%20help%20here..!!%3C%2FP%3E%3CP%3EI'm%20looking%20for%20a%20way%20to%20grant%20access%20to%20Azure%20AD%20reports%20(%20Suspicious%20logons%2C%20Logins%20from%20Risky%20Ip's%20etc)%20under%20Office%20365%20admin%20console%20to%20members%20from%20security%2Fcompliance%20teams.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETo%20be%20precise%2C%20I'm%20trying%20to%20give%20access%20to%20below%20report...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EO365%20admin%20console%20--%26gt%3B%20Reports%20--%26gt%3B%20Security%20and%20Compliance%20--%26gt%3B%26gt%3B%20Under%20'Auditing'%20-%20%3CSPAN%3E%3CA%20target%3D%22_blank%22%3EAzure%20AD%20reports%20(paid%20Office%20365%20subscription%20required)%20which%20takes%20us%20to%20Azure%20classic%20Portal.%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%3EAs%20per%20the%20MS%20documentation%2C%20i%20have%20tried%20adding%20user%20to%20Security%20Admin%2FSecurity%20Reader%20-%20No%20luck.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CBR%20%2F%3EI've%20also%20tried%20adding%20user%20to%20Compliance%20admin%20role%20-%20No%20Luck%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EFirst%20thing%20-%20User%20does%20not%20see%20Auditing%20reports%20on%20Admin%20console.%20I%20have%20created%20a%20custom%20role%20group%20with%20Audit%20logs%2C%20View-only%20audit%20logs%20and%20security%20reader%20roles%20added%20to%20it%20and%20added%20user%20to%20the%20role%20group.%3CBR%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20had%20user%20register%20with%20Azure%20AD%20and%20is%20able%20to%20get%20into%20Azure%20portal%20fine%20--%26gt%3B%20but%20when%20he%20clicks%20on%20Reports%20on%20the%20console%20it%20says%20'%20Access%20denied'.%3CBR%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2FRegister-your-free-Azure-Active-Directory-subscription-d104fb44-1c42-4541-89a6-1f67be22e4ad%3Fui%3Den-US%26amp%3Brs%3Den-US%26amp%3Bad%3DUS%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2FRegister-your-free-Azure-Active-Directory-subscription-d104fb44-1c42-4541-89a6-1f67be22e4ad%3Fui%3Den-US%26amp%3Brs%3Den-US%26amp%3Bad%3DUS%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI've%20been%20testing%20this%20in%20our%20test%20environment.%20-%20No%20luck%20so%20far.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EAny%20help%20on%20this%20will%20be%20greatly%20appreciated.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThanks%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EKrishna%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-125442%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-130066%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20reports%20access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-130066%22%20slang%3D%22en-US%22%3E%3CP%3ECan%20you%20point%20me%20at%20any%20documentation%20that%20defines%20the%20permissions%20required%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-129897%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20reports%20access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-129897%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20Azure%20subscription%20admin%20and%20O365%20admin%20roles%20are%20not%20connected%20in%20any%20way%2C%20make%20sure%20you%20have%20the%20necessary%20permissions%20granted%20in%20the%20SCC.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-129691%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20reports%20access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-129691%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20a%20similar%20issue.%20%26nbsp%3BEven%20though%20I%20am%20an%20administrator%20on%20our%20Azure%20subsription%2C%20and%20can%20view%20reports%20(eg%20Risky%20sign-ins)%20through%20the%20Azure%20portal%2C%20if%20I%20try%20and%20access%20reports%20via%20the%20O365%20portal%20(%3CSPAN%3EAzure%20AD%20reports%20under%20Security%20and%20Compliance)%2C%20it%20asks%20me%20to%20sign%20up%20for%20a%20new%20Azure%20subscription%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-125959%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20reports%20access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-125959%22%20slang%3D%22en-US%22%3E%3CP%3EYes%2C%20I%20created%20the%20role%20group%20under%20Permissions%20on%20Exchange%20Admin%20Center.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-125934%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20reports%20access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-125934%22%20slang%3D%22en-US%22%3E%3CP%3EDid%20you%20add%20the%20role%20in%20the%20Exchange%20Admin%20Center%3F%20Also%2C%20the%20Audit%20log%20search%20is%20found%20under%20Search%26amp%3BInvestigation%20in%20the%20SCC%2C%20just%20making%20sure%20we%20talk%20about%20the%20same%20thing.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-125926%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20reports%20access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-125926%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Vasil%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20your%20response..!!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20did%20try%20that...I%20created%20a%20custom%20role%20group%20with%20%22View-only-%20Auditlogs'%20and%20that%20did%20not%20help%20too.%20Have%20also%20tried%20%22Reports%20Reader%22%20-%20No%20luck%20yet.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20i%20login%20to%20365%20admin%20console%20with%20the%20account%20with%20reports%20reader%20and%20member%20of%20'Audit%20logs%2Fview-only%20audit%20logs'%20-%20i%20don't%20even%20get%20to%20see%20Auditing%20logs%20under%20Reports%20--%26gt%3B%20Security%20and%20Compliance.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20more%20suggestions..%3F%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKrishna%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-125707%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20reports%20access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-125707%22%20slang%3D%22en-US%22%3E%3CP%3ETry%20assigning%20the%20newly%20introduced%20%22%3CSPAN%20class%3D%22f-rdlbl%22%3EReports%20reader%3C%2FSPAN%3E%22%20role.%20If%20that%20doesn't%20work%2C%20you%20can%20also%20try%20assigning%20the%20%22ViewOnlyAuditLogs%22%20role%20in%20the%20Exchange%20Admin%20Center%20(yes%2C%20Exchange%2C%20not%20the%20SCC).%3C%2FP%3E%3C%2FLINGO-BODY%3E
Naga Krishna
Occasional Contributor

 

Hi All,

I need some help here..!!

I'm looking for a way to grant access to Azure AD reports ( Suspicious logons, Logins from Risky Ip's etc) under Office 365 admin console to members from security/compliance teams.

 

To be precise, I'm trying to give access to below report...

 

O365 admin console --> Reports --> Security and Compliance -->> Under 'Auditing' - Azure AD reports (paid Office 365 subscription required) which takes us to Azure classic Portal.


As per the MS documentation, i have tried adding user to Security Admin/Security Reader - No luck.


I've also tried adding user to Compliance admin role - No Luck

 

First thing - User does not see Auditing reports on Admin console. I have created a custom role group with Audit logs, View-only audit logs and security reader roles added to it and added user to the role group.

 

I had user register with Azure AD and is able to get into Azure portal fine --> but when he clicks on Reports on the console it says ' Access denied'.

 

https://support.office.com/en-us/article/Register-your-free-Azure-Active-Directory-subscription-d104...

 

I've been testing this in our test environment. - No luck so far.

 

Any help on this will be greatly appreciated.

 

Thanks

Krishna

7 Replies

Try assigning the newly introduced "Reports reader" role. If that doesn't work, you can also try assigning the "ViewOnlyAuditLogs" role in the Exchange Admin Center (yes, Exchange, not the SCC).

Hi Vasil,

 

Thanks for your response..!!

 

I did try that...I created a custom role group with "View-only- Auditlogs' and that did not help too. Have also tried "Reports Reader" - No luck yet.

 

When i login to 365 admin console with the account with reports reader and member of 'Audit logs/view-only audit logs' - i don't even get to see Auditing logs under Reports --> Security and Compliance.

 

Any more suggestions..? :)

 

Krishna

Did you add the role in the Exchange Admin Center? Also, the Audit log search is found under Search&Investigation in the SCC, just making sure we talk about the same thing.

Yes, I created the role group under Permissions on Exchange Admin Center.

Highlighted

I have a similar issue.  Even though I am an administrator on our Azure subsription, and can view reports (eg Risky sign-ins) through the Azure portal, if I try and access reports via the O365 portal (Azure AD reports under Security and Compliance), it asks me to sign up for a new Azure subscription?

The Azure subscription admin and O365 admin roles are not connected in any way, make sure you have the necessary permissions granted in the SCC.

Can you point me at any documentation that defines the permissions required?

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies