Migration: From direct assignments to access packages

Copper Contributor

Hi all,


our company is changing the authorization concept. Moving away from direct assignment to access packages.

Finally, we have to resolve any remaining direct assignments if they are not covered by an access package, and get rid of it. 

The question is: how do I determine direct assignments, or how do I see whether a group has been assigned via an access package or via direct assignment?


Audit logs shows a maximum of 1 month. Here you can see this in the following values:

Direct assignment: "Initiated by (actor)" => "UPN"

Access Package: "Initiated by (actor)" => "Azure AD Identity Governance"




1 Reply

Hi @vipfafen

Have you found your way out of it?

Can you share?