Fetch Azure Tenant Activity logs

Agustin Sabelli 5 Reputation points

I'm getting the following error when querying the Azure Tenant Activity logs:


https://management.azure.com/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01&$filter=eventTimestamp ge '2024-03-19T12:00:00Z' and resourceUri eq '/providers/Microsoft.Authorization' and eventChannels eq 'Operation'

{ "error": { "code": "AuthorizationFailed", "message": "The client 'xxx' with object id 'xxx' does not have authorization to perform action 'Microsoft.Insights/eventtypes/values/read' over scope '/providers/Microsoft.Insights/eventtypes/management' or the scope is invalid. If access was recently granted, please refresh your credentials." } }

I´ve granted the user both Reader and Monitoring Reader RBAC role at the root management group level. To get the access token I´m using:


Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,867 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Agustin Sabelli 5 Reputation points

    I was able to solve this by assigning the RBAC Reader role at the root level:

    az role assignment create --assignee <assignee> --role Reader --scope "/"

    1 person found this answer helpful.

  2. Monalla-MSFT 12,121 Reputation points

    @Agustin Sabelli - Welcome to Microsoft Q&A and thanks for reaching out to us.

    In order to query the Azure tenant activity logs, please assign the RBAC reader role at the root level.

    az role assignment create --assignee <assignee> --role Reader --scope "/"

    Hope this helps. and please feel free to reach out if you have any further questions.

    Please don't forget to "Accept as Answer" and click "Yes" if the above response is helpful, so it can be beneficial to the community.

    0 comments No comments