Kueri untuk tabel IdentityDirectoryEvents

Artikel
11/05/2024

Untuk informasi tentang menggunakan kueri ini di portal Azure, lihat tutorial Analitik Log. Untuk REST API, lihat Kueri.

Keanggotaan Grup berubah

Keanggotaan Grup berubah.

let group = '<insert your group>';
IdentityDirectoryEvents
| where ActionType == 'Group Membership changed'
| extend AddedToGroup = AdditionalFields['TO.GROUP']
| extend RemovedFromGroup = AdditionalFields['FROM.GROUP']
| extend TargetAccount = AdditionalFields['TARGET_OBJECT.USER']
| where AddedToGroup == group or RemovedFromGroup == group
| project-reorder Timestamp, ActionType, AddedToGroup, RemovedFromGroup, TargetAccount
| limit 100

Peristiwa perubahan kata sandi

Temukan peristiwa perubahan kata sandi terbaru untuk akun tertentu.

//Find the latest password change event for a specific account
let userAccount = '<insert your user account>';
let deviceAccount = 'insert your device account';
IdentityDirectoryEvents
| where ActionType == 'Account Password changed'
| where TargetAccountDisplayName == userAccount
//If you are looking for last password change of a device account comment the above row and remove comment from the below row
//| where TargetDeviceName == deviceAccount
| summarize LastPasswordChangeTime = max(Timestamp) by TargetAccountDisplayName // or change to TargetDeviceName for devcie account

Bagikan melalui

Kueri untuk tabel IdentityDirectoryEvents

Keanggotaan Grup berubah

Peristiwa perubahan kata sandi

Saran dan Komentar

Sumber Daya Tambahan: