cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community
Find out more
SOLVED

Audit logs - "Denied access request" - What does this mean exactly?

_Mk_Andrada
Copper Contributor

‎Jun 18 2023 08:24 AM

‎Jun 18 2023 08:24 AM

Audit logs - "Denied access request" - What does this mean exactly?

I'm in Purview and looking at the filterable activities under Audit and I run across "Denied access request." Looking at the description in the docs, it says "An access request to a site, folder, or document was denied." I think this description is a bit vague and I was wondering if someone can explain which of my understanding is the right one.

I think it either logs:

  • A) A user with insufficient permissions tries to access resource and is greeted by a "You don't have enough permissions" screen. (User attempt is logged?)
  • B) A user with insufficient permissions tries to access resource and is greeted by a "You don't have enough permissions" screen. The user then clicks on the button on the screen to request access. The owner/admin of the resource sees the request then intentionally denies it. (Owner denying is logged? Or User being denied is logged?)
Labels:
432 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by _Mk_Andrada (Copper Contributor)
miller34mike

‎Jun 20 2023 03:17 AM

‎Jun 20 2023 03:17 AM

Solution

Re: Audit logs - "Denied access request" - What does this mean exactly?

Hi @_Mk_Andrada 

 

This activity refers to option B and logs what user performed the rejection of the access request. You can see who requested access to the file but the user of the activity "denied access request" is the owner of the file that received the notification and hit "decline". 

 

I ran through this scenario in my lab to confirm when user A, Aaron, opened a file they did not have access to and was greeted by the "no access, request" screen (there is no log of a user seeing this screen) so Aaron requested access (the request is logged as "created access request"). User B, Mike, is the file owner and received the request and hit reject. The results are below.

 

Created access request:

miller34mike_1-1687256137849.png

 

Denied access request:

miller34mike_0-1687255716756.png

1 Like
Reply
_Mk_Andrada

‎Jun 20 2023 05:30 AM

‎Jun 20 2023 05:30 AM

Re: Audit logs - "Denied access request" - What does this mean exactly?

Excellent detective work yet again! Thanks Mike!
1 Like
Reply