This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 49%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
I am wondering how can I link the audit logs from Azure AD to Role, Group or Privilege?
The logs just have the action and the category. Is there a way by which I can understand using what Role or Group privilege this action was taken?
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
Organizing devices and users into groups for policy application
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
@Swapnil Khamkar Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
@Swapnil Khamkar Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Is there a way in which I can map the category or its description with the privilege or its description
@Swapnil Khamkar PIM audit history allows you to see all role assignments and activations for all privileged roles.
Reference - https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/azure-pim-resource-rbac
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Swapnil Khamkar, Thanks for posting in Q&A. Based on my researching, there is no direct way to link audit logs to a specific role, group, or privilege, you can use the information provided in the logs to determine who initiated the action ("Initiated by" field) and "Target(s)" field which targets were affected.
Meanwhile, you can feedback in the following link to request the feature and see if we can get this in the future:
https://feedbackportal.microsoft.com/feedback/forum/ef1d6d38-fd1b-ec11-b6e7-0022481f8472
Best regards.
Crystal
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thanks for the reply. If not direct, is there an alternative way to do it for now? Like take the category and activityDisplayName or operationType and figure out the roles or privileges from it?
@Swapnil Khamkar, Thanks for the reply. For the Role create, edit, assign, I find the Category is Role. You can use Category to filter out. But for group, this is not recorded in Intune. For privilege, you can check in audit log to see if it has a specific category to filter.