Audit Role Changes in 365 Defender

Brass Contributor

Hi,

 

I am trying to track down who created a custom role in the Roles section of M365 Defender portal. Can anyone point to where this is audited? I've searched in the Audit section of a Developer tenant I am playing with but haven't come up with anything yet.

 

Ideally I'd like the audit logs for this forwarded to Sentinel, but can't find any documentation about what table they might end up in or what connector I would need to enable to make this happen.

1 Reply

Hi @jeremyhAUS,

Auditing is not available at the moment for custom roles creation and management in the Microsoft 365 Defender role-based access control model. We are looking into it.