This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 41%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECL%3C/text%3E%3C/svg%3E)
Hello All,
I'm trying to dig through some Audit Log Events from the Azure Entra ID (formerly Azure Active Directory) Audit Log. I've noticed a bunch of activity from the "Self-Service Group Management" Service, with a multitude of activities such as:
Unfortunately I'm not having any luck finding any type of description or details as to what each of these activities are doing. Does anyone know where information on these activities can be found?
Those look like internal calls that do not directly correspond to a user action within the feature. No idea why they are exposed in the logs.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 20%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPA%3C/text%3E%3C/svg%3E)
I had the same kind of events in my logs and found this link: https://learn.microsoft.com/en-us/entra/identity/monitoring-health/reference-audit-activities. Not that there is a good description, but it's more than MS usually offers....
I reference this all the time to look up activity entries in the log, but your point hits on the head, there is no good description. They acknowledge that they're valid activities, but not what those activities actually correspond to or are doing. In some cases they're descriptive enough that you can decipher what the activity is based on the name and the other audit log details.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 71%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOI%3C/text%3E%3C/svg%3E)
I am also trying to understand why these are appearing in the logs.