Azure Access Package Reports

Gideon Hewitt 21 Reputation points
2022-10-27T12:29:00.097+00:00

Looking for someone who has knowledge of the catalogs within Azure’s Identity Governance - Access packages.
I would like to confirm with you or someone that the information in these catalogs doesn’t go away after a certain time frame.

Are you able to tell me if the information in the below screenshots will remain within these parts of Azure indefinitely, as long the employee is Active?
254740-shot-1.png

The information above should be all we need to show our auditors any Access Group that an employee has access to by requesting the access using the access request policy in azure. Does the above report ever go away?

Second report: Azure > Identity Governance > Access Packages > search for and open required application > Requests > click on user > click on Request History details in the bottom pane

254851-shot-2.png

The request history details provide some great information on who approved the request. This would also be ideal to have for our auditors. Do you know if this information ever goes away at some point?
Also, is this the only place to view the request history details or is it found somewhere else within Azure?

In some of my research it states that Azure logs are only available for 30 days, but I don’t believe that effects the above information. Is this correct?

Unfortunately, we have not been able to build up enough test data to see how long this information remains. Any assistance or information that you can provide would be greatly appreciated. Please let me know if you have any questions and thank you for your time.

Kind Regards,

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,061 questions
{count} votes

Accepted answer
  1. Givary-MSFT 29,171 Reputation points Microsoft Employee
    2022-10-31T10:02:16.56+00:00

    @Gideon Hewitt

    Thank you for reaching out to us. The screenshot in the above question gives the current assignments for a user and who approved them. If these assignments expire at some point, they won't be shown any more. So we do update the data - and changes can be observed in Entitlement Management and the Audit trail.

    Response to the first query - The first screenshot shows the current set of assignments for a user. If the auditor looks now, they see the access for a user now. They don't see if the user had access to other stuff 3 minutes ago.

    Response to the second query - We're showing access assigned through Access Packages/Entitlement Management here only. If the user is part of 15Teams and has access to 3 Sharepoint Sites that were assigned outside of Entitlement Management, we won't show that here.

    All the information is also available via the Graph API as well - you can pull regular snapshots of the assignments for (specific) users and store them.

    Let me know if you have any further questions.


0 additional answers

Sort by: Most helpful