Add justification to Admin Login

Andrew Williams 20 Reputation points
2023-09-01T16:28:34.7066667+00:00

Hey!

Very green noobie here...

HR has asked if it's possible to add a justification for login applicable to admins only. In other words, when an admin logs in, they must enter a single sentence reason for why they are logging in. Fully aware of all the logs available, and the lack of trust this discloses, but nevertheless...I just don't think the admins will remember to add a justification to a separate file... I know I would always forget!

Thanks for any sage advice.

Microsoft Security | Intune | Compliance
Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Pavel yannara Mirochnitchenko 13,336 Reputation points MVP
    2023-09-01T18:13:12.7766667+00:00

    Endpoint Privilege Management feature has some reasoning (text entry) but it only applies to Application installation, not all admin activities.

    1 person found this answer helpful.

1 additional answer

  1. Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
    2023-09-01T18:27:41.5933333+00:00

    If they are worried about admin activities and justification, then PIM is the answer if you are licensed.

    You can require justification for any account that elevates itself:

    https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

    Example:

    User's image

    1 person found this answer helpful.
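
As an added example (not part of either answer and not Microsoft's code): a small audit that checks whether a PIM role's activation rule actually requires a justification. It assumes the policy rules have been exported as JSON from Microsoft Graph's role management policy rules; the role name and sample values are constructed.

```python
import json

# Constructed sample: the rules of one PIM role management policy in the
# shape Microsoft Graph returns them (values are made up for illustration).
SAMPLE_POLICY_RULES = json.loads("""
{"value": [
  {"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
   "id": "Enablement_Admin_Assignment",
   "enabledRules": ["Justification"],
   "target": {"caller": "Admin", "operations": ["All"], "level": "Assignment"}},
  {"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
   "id": "Enablement_EndUser_Assignment",
   "enabledRules": ["MultiFactorAuthentication"],
   "target": {"caller": "EndUser", "operations": ["All"], "level": "Assignment"}},
  {"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
   "id": "Expiration_EndUser_Assignment",
   "isExpirationRequired": true, "maximumDuration": "PT8H",
   "target": {"caller": "EndUser", "operations": ["All"], "level": "Assignment"}}
]}
""")

ENABLEMENT = "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule"

def activation_requirements(rules_doc):
    """Return the set of controls enforced when a user activates the role.

    Activation is the enablement rule whose target caller is EndUser at the
    Assignment level; Admin-caller rules cover assignments made by an admin.
    """
    for rule in rules_doc.get("value", []):
        target = rule.get("target", {})
        if (rule.get("@odata.type") == ENABLEMENT
                and target.get("caller") == "EndUser"
                and target.get("level") == "Assignment"):
            return set(rule.get("enabledRules", []))
    return None  # no activation rule present in the document

def audit_justification(role_name, rules_doc):
    """Return a one-line finding for whether activation needs a justification."""
    reqs = activation_requirements(rules_doc)
    if reqs is None:
        return f"{role_name}: UNKNOWN (no end-user enablement rule found)"
    if "Justification" in reqs:
        return f"{role_name}: OK (justification required on activation)"
    return f"{role_name}: GAP (activation allowed without justification; has {sorted(reqs)})"

if __name__ == "__main__":
    print(audit_justification("Example Role", SAMPLE_POLICY_RULES))
```

The constructed sample is flagged as a gap on purpose: justification is enabled only on the admin-assignment rule, so a user activating the role would not be prompted for a reason.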
