Notifications for AAD user phone number changes


Our organization would like to set up some system for notifications when a user changes their phone #.  When phone #s are changed in AAD, they need to be updated in another system we have.  Any recommendations on how to do this?  The notification needs to have the user's name, the old #, and the new #.  The notification could be an email, a Teams message, or any other mechanism really.  There will be a human receiving the notification and making the # change in our other system.  I just want to avoid a manual process where the changes need to be queried into a report each day.


Thanks in advance.

1 Reply

@EdPriest

If you export your AAD Audit logs to a Log Analytics workspace, you can run the query below to get the information you want. (It will pick up changes to both workplace numbers and mobile numbers.)

AuditLogs
| where OperationName == "Update user"
// cheap pre-filter on the raw dynamic column before expanding it
| where TargetResources contains "Mobile" or TargetResources contains "TelephoneNumber"
| mv-expand TargetResources
| extend Changes = parse_json(TargetResources.modifiedProperties)
| mv-expand Changes
// compare as a string, not a dynamic value, so the in() filter is reliable
| where tostring(Changes.displayName) in ("Mobile", "TelephoneNumber")
// oldValue/newValue are JSON-encoded arrays, so parse them and take the first element
| project TimeGenerated,
    UPN = TargetResources.userPrincipalName,
    ChangedNumber = Changes.displayName,
    Old = parse_json(tostring(Changes.oldValue))[0],
    New = parse_json(tostring(Changes.newValue))[0]
| sort by TimeGenerated asc


Output Image: (screenshot of the query results, not reproduced here)


The audit logs only contain the UPN/user GUID, so if you require a readable name (surname/first name), you could query that from AAD.


Personally I would probably run this in an Azure Logic App or Power Automate on a schedule, daily or hourly depending on the required timeframe. Both email notifications and Teams notifications are possible.
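To check the query's parsing logic offline, or as the basis for the step in a Logic App / Power Automate flow that turns each audit record into a message, here is the same extraction in Python. This is an added example and not part of the reply above; the record shape (TargetResources entries with type, userPrincipalName and modifiedProperties whose oldValue/newValue are JSON-encoded string arrays) and the sample records are constructed assumptions.

```python
import json

# Constructed sample records in the shape AAD "Update user" audit events take in
# Log Analytics (assumed: oldValue/newValue are JSON-encoded string arrays).
SAMPLE_RECORDS = [
    {"TimeGenerated": "2022-09-17T15:02:41Z", "OperationName": "Update user",
     "TargetResources": [{"type": "User", "userPrincipalName": "bob@contoso.example",
                          "modifiedProperties": [
                              {"displayName": "TelephoneNumber", "oldValue": "[]",
                               "newValue": "[\"+1 555 0142\"]"}]}]},
    {"TimeGenerated": "2022-09-17T14:30:05Z", "OperationName": "Update user",
     "TargetResources": [{"type": "User", "userPrincipalName": "alice@contoso.example",
                          "modifiedProperties": [
                              {"displayName": "Mobile", "oldValue": "[\"+1 555 0100\"]",
                               "newValue": "[\"+1 555 0199\"]"},
                              {"displayName": "JobTitle", "oldValue": "[\"Analyst\"]",
                               "newValue": "[\"Lead\"]"}]}]},
]
PHONE_PROPS = {"Mobile", "TelephoneNumber"}

def first_value(encoded):
    """oldValue/newValue hold a JSON array as a string; "[]" or "" means unset."""
    values = json.loads(encoded) if encoded else []
    return values[0] if values else None

def phone_changes(records):
    """Same filtering as the KQL query: (time, UPN, property, old, new) per change."""
    changes = []
    for rec in records:
        if rec.get("OperationName") != "Update user":
            continue
        for target in rec.get("TargetResources", []):
            if target.get("type") != "User":   # skip non-user resource entries
                continue
            for prop in target.get("modifiedProperties", []):
                if prop.get("displayName") in PHONE_PROPS:
                    changes.append((rec["TimeGenerated"], target.get("userPrincipalName"),
                                    prop["displayName"], first_value(prop.get("oldValue")),
                                    first_value(prop.get("newValue"))))
    return sorted(changes)   # oldest first, like "sort by TimeGenerated asc"

def notification_text(change):
    """One line per change for the email/Teams message the thread describes."""
    when, upn, prop, old, new = change
    return f"{when}: {upn} changed {prop} from {old or '(none)'} to {new or '(none)'}"

if __name__ == "__main__":
    for change in phone_changes(SAMPLE_RECORDS):
        print(notification_text(change))
```

A number being set for the first time or cleared shows up as an empty array on one side, which the example renders as "(none)" rather than failing on an empty list.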