Sep 17 2022 08:50 AM
Hi Community,
Using Azure AD PIM, suppose I have a role (example: Security Administrator) set as permanent eligible with "Activation maximum duration (hours)" = "8hrs".
Suppose I usually activate the role for 8 hours (after which due to JIT role activation I will have to request activation again).
Is there a simple or unambiguous way to tell if I have actually used the security administrator role for the full eight hours set, or - even if I have set the activation maximum duration (hours) to eight hours - to tell if I have used it for maybe just 5 minutes (or less than the time set during activation)?
I need to do this kind of analysis of actual use of the role in order to be able to correctly calibrate the upper limit of hours for the setting of the "Activation maximum duration (hours)" parameter.
Thanks in advance for your support,
Paolo
Sep 20 2022 12:02 AM
@psal88 there is an audit logs view in Azure AD that shows all the activity performed by the users . you can filter by user , service , activity and date. So , if the aim to know how much the user used his eligible role during the 8 hours from the activation time , you can filter by this user and check first activity after activation and last activity , then you would realize how much time he used his eligible role within those 8 hours
Sep 20 2022 01:03 AM - edited Sep 20 2022 01:06 AM
Thanks elikarkafy, but how can I understand from the logs that the activities performed by the user are actually those (and only those) which are permitted by the role (e.g. Security Administrator)?
Thanks,
Paolo
Sep 20 2022 01:17 AM
@PaoloSala88as I understand that your security administrator role is granted with specific access to some of your azure resources then you can use the azure resource activity in PIM . please refer to the below link to see how