I have a gMSA that is moving users in and out of AD Security Groups. I can see all the details in the MDI console if I search for the Userid or the AD group. I see log entries like:
gjkoster was added by gMSA-UserAdd
When I open the Cloud App Security Console I see a entry like:
gjkoster was added to group XXXXX by n/a
So in the Cloud App Security console I cannot see who performed the action of add user gjkoster to the specific AD-group. While MDI has the info available. Why is that. If a 'normal' user adds someone, it does show.