Change tracking for Conditional Access Policies
Support some kind of change tracking or auditing in regards to changes made for Conditional Access Policies?
I think something is coming soon. Until then, you could use Azure Monitor and create alerts by using this query:
AuditLogs | where OperationName contains "Policy"
Not optimal, but better than nothing
This has to be done asap, how can this be justified not being done already?
Naveen B N commented
This feature is really required for security governance purpose, hope fully we can find the way for achieving this.
David Hughes commented
I'm trying to set-up a Conditional Access Alert for this and cannot find anything in there that would help with notification of changes etc. to CAP's.
As part of our security we need to track what was modified, by whom, and to what effect the modification was, i.e. if someone was added / removed to / from an exclude list. If the CAP itself was altered.
Does anyone know when we'll be able to log them?
Christopher Parker commented
I'ma be honest, folks, the fact that this is still sitting on user voice "planned" after two years is deeply, deeply disturbing.
Torsten Egebirk commented
It's crusial for orgs to able able to track changes in CA's
Minh Trieu commented
Considering that this is a security tool, its really important that we have audit logs for this product.
I can see the status is now planned! As soon as you can please :)
+1 on this one - Audit logs for conditional access should be a priority considering the impact conditional access can have.
Adam Dickinson commented
Absolutely - given CA is a security component in Azure, I would say being able to audit who changed WHAT from WHERE would be a given for being recorded.
Yet beyond who and when, I can see no detail to prove what settings were changed which could impact the ability of CA to protect identity/data.