Add justification to Admin Login

Andrew Williams 20 Reputation points
2023-09-01T16:28:34.7066667+00:00

Hey!

Very green noobie here...

HR has asked if it's possible to add a justification for login applicable to admins only. In other words, when an admin logs in, they must enter a single sentence reason for why they are logging in. Fully aware of all the logs available, and the lack of trust this discloses, but nevertheless...I just don't think the admins will remember to add a justification to a separate file... I know I would always forget!

Thanks for any sage advice.

Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
Microsoft Intune Compliance
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities. Compliance: Adhering to rules, standards, policies, and laws.

Accepted answer
  1. Pavel yannara Mirochnitchenko 10,366 Reputation points
    2023-09-01T18:13:12.7766667+00:00

    The Endpoint Privilege Management feature has some reasoning (text entry), but it only applies to application installation, not all admin activities.

    1 person found this answer helpful.

1 additional answer

  1. Andy David - MVP 131K Reputation points MVP
    2023-09-01T18:27:41.5933333+00:00

    If they are worried about admin activities and justification, then PIM is the answer if you are licensed.

    You can require justification for any account that elevates itself:

    https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure


    1 person found this answer helpful.
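
An added example, not part of either answer above and not Microsoft's code: a Python check that each PIM role policy actually demands a justification when a role is activated. It assumes the policy JSON follows the Microsoft Graph `unifiedRoleManagementPolicyEnablementRule` shape (rule id `Enablement_EndUser_Assignment`, an `enabledRules` list); the sample data and policy ids are constructed placeholders.

```python
import json

# Constructed sample, shaped like the "value" array Microsoft Graph returns for
# /policies/roleManagementPolicies?$expand=rules (policy ids are placeholders).
SAMPLE = json.loads("""
[
  {"id": "DirectoryRole_TENANT_policy-A", "rules": [
    {"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
     "id": "Enablement_EndUser_Assignment",
     "enabledRules": ["MultiFactorAuthentication", "Justification"]},
    {"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
     "id": "Enablement_Admin_Eligibility", "enabledRules": []}]},
  {"id": "DirectoryRole_TENANT_policy-B", "rules": [
    {"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
     "id": "Enablement_EndUser_Assignment",
     "enabledRules": ["MultiFactorAuthentication"]}]},
  {"id": "DirectoryRole_TENANT_policy-C", "rules": []}
]
""")

# Rule evaluated when an eligible user activates (elevates into) a role.
ACTIVATION_RULE = "Enablement_EndUser_Assignment"


def activation_requirements(policy):
    """Return the set of controls enforced at activation, or None if the rule is absent."""
    for rule in policy.get("rules", []):
        if rule.get("id") == ACTIVATION_RULE:
            return set(rule.get("enabledRules", []))
    return None


def policies_missing_justification(policies):
    """List ids of policies whose activation rule does not demand a justification."""
    missing = []
    for policy in policies:
        reqs = activation_requirements(policy)
        # A missing rule counts as non-compliant: nothing shows it requires a reason.
        if reqs is None or "Justification" not in reqs:
            missing.append(policy["id"])
    return missing


if __name__ == "__main__":
    for pid in policies_missing_justification(SAMPLE):
        print("activation does not require justification:", pid)
```

The justification is collected when the role is activated, so accounts with a permanently active assignment never reach this prompt.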