Nov 08 2017
- last edited on
Jul 24 2020
I need some help here..!!
I'm looking for a way to grant access to Azure AD reports ( Suspicious logons, Logins from Risky Ip's etc) under Office 365 admin console to members from security/compliance teams.
To be precise, I'm trying to give access to below report...
O365 admin console --> Reports --> Security and Compliance -->> Under 'Auditing' - Azure AD reports (paid Office 365 subscription required) which takes us to Azure classic Portal.
As per the MS documentation, i have tried adding user to Security Admin/Security Reader - No luck.
I've also tried adding user to Compliance admin role - No Luck
First thing - User does not see Auditing reports on Admin console. I have created a custom role group with Audit logs, View-only audit logs and security reader roles added to it and added user to the role group.
I had user register with Azure AD and is able to get into Azure portal fine --> but when he clicks on Reports on the console it says ' Access denied'.
I've been testing this in our test environment. - No luck so far.
Any help on this will be greatly appreciated.
Nov 08 2017 10:56 AM
Try assigning the newly introduced "Reports reader" role. If that doesn't work, you can also try assigning the "ViewOnlyAuditLogs" role in the Exchange Admin Center (yes, Exchange, not the SCC).
Nov 09 2017 12:26 AM
Thanks for your response..!!
I did try that...I created a custom role group with "View-only- Auditlogs' and that did not help too. Have also tried "Reports Reader" - No luck yet.
When i login to 365 admin console with the account with reports reader and member of 'Audit logs/view-only audit logs' - i don't even get to see Auditing logs under Reports --> Security and Compliance.
Any more suggestions..? :)
Nov 09 2017 12:44 AM
Did you add the role in the Exchange Admin Center? Also, the Audit log search is found under Search&Investigation in the SCC, just making sure we talk about the same thing.
Nov 20 2017 06:33 AM
I have a similar issue. Even though I am an administrator on our Azure subsription, and can view reports (eg Risky sign-ins) through the Azure portal, if I try and access reports via the O365 portal (Azure AD reports under Security and Compliance), it asks me to sign up for a new Azure subscription?
Nov 20 2017 01:08 PM
The Azure subscription admin and O365 admin roles are not connected in any way, make sure you have the necessary permissions granted in the SCC.