Hybrid identity management audit reporting in Microsoft Entra ID
With Microsoft Entra audit activity reporting, you can monitor identity management activity either on-premises or in the cloud. By managing all your identity and access data in a single report, you can save time and reduce overall costs.
What is Microsoft Entra hybrid reporting?
Hybrid audit reporting helps IT professionals address common identity-management reporting challenges, such as:
Collecting identity management activities across different systems. Hybrid reports show you identity management activity from Microsoft Entra ID and Identity Manager.
Exporting reporting data and creating custom reports. In addition to viewing your reports in the Azure portal, you can export the data to generate your own custom views.
Reducing reporting system infrastructure cost. Hybrid reporting in the cloud means you can help eliminate the costs that are associated with your on-premises, data-warehouse infrastructure.
How does it work?
To collect the on-premises data, you first install a reporting agent on your Identity Manager 2016 server. Download the Microsoft Identity Manager Hybrid Reporting Agent.
Hybrid reporting undergoes the following process:
- After you install the reporting agent, the Identity Manager activity data is sent to Windows Event Log.
- The reporting agent processes the delta events every 10 minutes or when the Windows Event Log service restarts. The agent then uploads the events to the Azure portal.
- The Azure portal processes the received data within one hour of receiving it.
- The activity data is stored in Azure for one month.
- The Azure portal retrieves the audit reporting data and displays it in the Azure Audit Reporting window.
Next steps
Learn more about:
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for