How can we improve Azure Active Directory?

← Azure Active Directory

Change tracking for Conditional Access Policies

Support some kind of change tracking or auditing in regards to changes made for Conditional Access Policies?

154 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Peter Selch Dahl shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

23 comments

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Darragh O'Shaughnessy commented  ·   ·  Flag as inappropriate

    Just came across an issue. I can't believe 'Modified Properties' within the audit trail for Conditional Access Policies is still in preview. This is an enterprise platform :|

  • Sivakumar Ramalingam commented  ·   ·  Flag as inappropriate

    This is absolutely required - its a shame that this basic level of auditing is not yet implemented and its been on "planned" stage for this long.

    If there is someone from @MSFT monitoring this thread, please provide an update.

  • John McCash commented  ·   ·  Flag as inappropriate

    So.... I'm almost afraid to ask this, but if they haven't been logging something this critical from the beginning, what ELSE aren't they logging? Has anyone done a comprehensive search through their logs looking for missing information in other types of change audit log entries?

  • Glynn, Karen commented  ·   ·  Flag as inappropriate

    We could desperately do with this as we have just had a breach and have no way of identifying when or who did it.

  • Anonymous commented  ·   ·  Flag as inappropriate

    I need to know when a condicional access change is done and be notified. It's priority. A change here can leave the company work down.

  • Fred Speece commented  ·   ·  Flag as inappropriate

    not sure how to create that azure monitor rule, is there a guide somewhere?
    +1, super important to be able to audit the who what when of CA policy changes.

  • KjetilEVRY commented  ·   ·  Flag as inappropriate

    I think something is coming soon. Until then, you could use Azure Monitor and create alerts by using this query:
    AuditLogs | where OperationName contains "Policy"

    Not optimal, but better than nothing

  • Naveen B N commented  ·   ·  Flag as inappropriate

    This feature is really required for security governance purpose, hope fully we can find the way for achieving this.

  • David Hughes commented  ·   ·  Flag as inappropriate

    I'm trying to set-up a Conditional Access Alert for this and cannot find anything in there that would help with notification of changes etc. to CAP's.
    As part of our security we need to track what was modified, by whom, and to what effect the modification was, i.e. if someone was added / removed to / from an exclude list. If the CAP itself was altered.
    Does anyone know when we'll be able to log them?

  • Christopher Parker commented  ·   ·  Flag as inappropriate

    I'ma be honest, folks, the fact that this is still sitting on user voice "planned" after two years is deeply, deeply disturbing.

  • Minh Trieu commented  ·   ·  Flag as inappropriate

    Considering that this is a security tool, its really important that we have audit logs for this product.

← Previous 1

Azure Active Directory: Conditional Access

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice