cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Audit Role Changes in 365 Defender

jeremyhAUS
Brass Contributor

‎Dec 19 2022 08:14 PM

‎Dec 19 2022 08:14 PM

Audit Role Changes in 365 Defender

Hi,

 

I am trying to track down who created a custom role in the Roles section of M365 Defender portal. Can anyone point to where this is audited? I've searched in the Audit section of a Developer tenant I am playing with but haven't come up with anything yet.

 

Ideally I'd like the audit logs for this forwarded to Sentinel, but can't find any documentation about what table they might end up in or what connector I would need to enable to make this happen.

776 Views
0 Likes
1 Reply
Reply
1 Reply
Gadi_Palatchi_MSFT

‎Dec 27 2022 12:38 AM

‎Dec 27 2022 12:38 AM

Re: Audit Role Changes in 365 Defender

Hi @jeremyhAUS,

Auditing is not available at the moment for custom roles creation and management in the Microsoft 365 Defender role-based access control model. We are looking into it.

 

0 Likes
Reply