Add justification to Admin Login

Andrew Williams 20 Reputation points
2023-09-01T16:28:34.7066667+00:00

Hey!

Very green noobie here...

HR has asked if it's possible to add a justification for login applicable to admins only. In other words, when an admin logs in, they must enter a single sentence reason for why they are logging in. Fully aware of all the logs available, and the lack of trust this discloses, but nevertheless...I just don't think the admins will remember to add a justification to a separate file... I know I would always forget!

Thanks for any sage advice.

Microsoft Intune Compliance
Microsoft Intune Compliance
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Compliance: Adhering to rules, standards, policies, and laws.
165 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,796 questions
{count} votes

Accepted answer
  1. Pavel yannara Mirochnitchenko 12,586 Reputation points MVP
    2023-09-01T18:13:12.7766667+00:00

    Endpoint Privilege Management feature has some reasoning (text entery) but it only applies to Application installation, not all admin activities.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Andy David - MVP 148.1K Reputation points MVP
    2023-09-01T18:27:41.5933333+00:00

    If they are worried about admin activities and justification, then PIM is the answer if you are licensed.

    You can require justification for any account that elevates itself:

    https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

    Example:

    User's image

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.