vivek_neonate
Recent Discussions
Azure Active directory activities - Understanding the meaning
All,

We are trying to set up alerts for activities performed at Azure AD level to audit the tenant. However, we are not able to understand the meaning of a few activities recorded in the audit logs. Two of them are below:

- Add app role assignment grant to user
- Add delegated permission grant

I did some practical testing and understood that "Add app role assignment grant to user" is recorded when an Enterprise app is assigned to a user, but I need to check if there are more scenarios. Also, I have no idea about "Add delegated permission grant". I tried to refer to the link below, but it was not much help:

https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/reference-audit-activities

Any response will help me a lot. Thanks in advance.

Re: Azure Active directory activities - Understanding the meaning

vivek_neonate Finally I was able to reproduce the issue. Below are my findings for these AD logs:

- Add app role assignment grant to user is generated when an app is assigned to a user from the Enterprise app blade. The user can access these assigned apps from the myapp portal.
- Add delegated permission grant can be seen when a user tries to access the app from the myapp portal and gets a consent page. The user clicks on "allow" and an entry will be recorded in the AD Audit logs. A delegated Graph permission is granted from the App registration's API permission tab. Eg:

Re: Azure Active directory activities - Understanding the meaning

JanBakkerOrphaned Thank you for the response. However, when I performed the mentioned activities in my subscription, I could see they are tracked as below:

"Update Service principal" OR "Update Application"

What I want to see is the activity performed when it is tracked as below:

I have checked one scenario but I can't reproduce the other possibilities. Thanks
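
An added example, not part of the thread and not Microsoft's code: a small triage pass that keeps only the two activity names discussed above and summarises who performed each one against which object. The records are constructed; top-level field names follow the Microsoft Graph directoryAudit shape, and the modifiedProperties names are assumptions.

```python
# Activity names exactly as quoted in the thread, with the trigger described there.
WATCHED = {
    "Add app role assignment grant to user": "app assigned to a user",
    "Add delegated permission grant": "delegated permission consented",
}

# Constructed sample records. Top-level field names follow the Microsoft Graph
# directoryAudit shape; the modifiedProperties names and all values are assumptions.
SAMPLE_EVENTS = [
    {"activityDisplayName": "Add app role assignment grant to user", "result": "success",
     "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.example"}},
     "targetResources": [{"displayName": "Demo HR App", "modifiedProperties": [
         {"displayName": "User.UPN", "newValue": "\"alice@contoso.example\""}]}]},
    {"activityDisplayName": "Add delegated permission grant", "result": "success",
     "initiatedBy": {"user": {"userPrincipalName": "alice@contoso.example"}},
     "targetResources": [{"displayName": "Microsoft Graph", "modifiedProperties": [
         {"displayName": "DelegatedPermissionGrant.Scope", "newValue": "\"User.Read\""}]}]},
    {"activityDisplayName": "Update service principal", "result": "success",
     "initiatedBy": {"app": {"displayName": "Demo provisioning job"}},
     "targetResources": [{"displayName": "Demo HR App", "modifiedProperties": []}]},
    {"activityDisplayName": "Add delegated permission grant", "result": "failure",
     "initiatedBy": {"user": None, "app": None}, "targetResources": None},
]

def initiator(event):
    """Return the acting user's UPN, else the acting app's name, else 'unknown'."""
    who = event.get("initiatedBy") or {}
    user, app = who.get("user") or {}, who.get("app") or {}
    return user.get("userPrincipalName") or app.get("displayName") or "unknown"

def changed_values(event):
    """Flatten modifiedProperties across all targets into {name: newValue}."""
    out = {}
    for target in event.get("targetResources") or []:
        for prop in target.get("modifiedProperties") or []:
            out[prop.get("displayName")] = (prop.get("newValue") or "").strip('"')
    return out

def triage(events, include_failures=False):
    """Keep only the two watched activities; tolerate null or missing fields."""
    alerts = []
    for ev in events:
        name = (ev.get("activityDisplayName") or "").strip()
        if name not in WATCHED or (ev.get("result") != "success" and not include_failures):
            continue
        targets = [t["displayName"] for t in ev.get("targetResources") or [] if t.get("displayName")]
        alerts.append({"activity": name, "meaning": WATCHED[name], "by": initiator(ev),
                       "targets": targets, "changes": changed_values(ev)})
    return alerts
```

The "Update service principal" record is ignored on purpose, since it is a different activity name from the two being alerted on.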