Remove Delete Audit Logs from Global Admin Role?

Rusnak, Alan 21 Reputation points
2023-08-03T11:46:43.32+00:00

Due to a recent audit we have been tasked with modifying the permissions for our Global Administrators. The request is to remove the ability for Global Administrators to delete the Azure Audit Logs, there by reducing the possibility that they could do something nefarious and then delete the audit trail. Is this possible, and is so, how would we go about it? Thanks!

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments No comments
{count} votes

Accepted answer
  1. Givary-MSFT 35,626 Reputation points Microsoft Employee Moderator
    2023-08-04T05:53:51.4666667+00:00

    @Rusnak, Alan Thank you for reaching out to us, As I understand you are looking for steps to modify the privileges for Global Administrator role (in-built Azure AD).

    Its not possible to modify in-built Azure AD roles, however we have custom role permissions options where you can create the custom role - https://learn.microsoft.com/en-us/azure/active-directory/roles/custom-available-permissions

    In the above question you also mentioned you want to remove the ability for Global Administrators to delete the Azure Audit Logs - we don't have an option to delete the Azure AD logs from the portal, however we have logs stored in Azure AD for 30 days - How long does Azure AD store the data?

    Refer to this article on how to retain Azure AD logs for long-term use or integrate it with third-party Security Information and Event Management (SIEM) tools to gain insights into your environment. - https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/overview-monitoring

    Let me know if you have any further questions, feel free to post back.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.