hello @Vasco Ezequiel ,
Trust your day is going on well.
if you're unable to find the specific logs showing the user names of those modifying these states, you may need to adjust your audit log settings.
Consider to check the setting as stated below;
- Go to the Azure portal (https://portal.azure.com/) and sign in with your administrator credentials.
- From the Azure home page, locate and click on "Azure Active Directory" from the left-hand side menu.
- Within Azure Active Directory, under the Monitoring section, select "Audit logs." This will display the audit logs for your Azure AD tenant.
- Click on "Export settings" to configure what data you want to export to Azure Monitor logs or an Event Hub. Ensure that you're capturing the necessary information, such as user names, for the relevant activities (like dismissing user risks or confirming sign-ins as safe).
- Once the audit log settings are configured, you can review the logs to see the actions taken by administrators, including those related to user risk and sign-ins.
- If you require more detailed auditing, consider enabling Advanced Audit, which provides additional visibility into changes made within Azure AD.
- Use Azure Monitor logs or other monitoring tools to analyze the exported audit logs. You can search for specific activities, filter by user names, and track changes over time.
By adjusting the audit log settings in Azure Active Directory and ensuring that the necessary information is captured, you'll be able to verify and read the user names of administrators performing actions related to user risks and sign-ins.