Azure AD Directory Roles modified date | PowerShell
Please allow querying the Azure AD Directory Roles modified date,
So if we run PS: Get-AzureADDirectoryRole
We could see when a role was modified and use this as a monitoring parameter. As an example, we can set the current date as non-modified, and any older date will be triggered.
Thanks for your feedback. We have version number in role definition schema – https://docs.microsoft.com/en-us/graph/api/resources/unifiedroledefinition?view=graph-rest-beta
We will evaluate this request to have modified date as well.
Azure AD RBAC Team
Yes, we would like to know both and use both for monitoring purposes:
1. To know when a role was last assigned to a user for auditing purposes
2. To know when a role's permission or name was modified
I guess if either the 1st or 2nd action is made and "date modified" is updated for PS: Get-AzureADDirectoryRole, then we can already operate with this.
We could set up a script, as an example:
1. We know that the role is set and up to date as of 1-Jan-2019
2. Run script Get-AzureADDirectoryRole | Select ModifyDate
3. If "ModifyDate" is different from the last time the role was modified (1-Jan-2019), check and compare members or the remaining parameters like name or permissions
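The check described in the comment above can be approximated without a modified date by comparing each role's name and members against a saved snapshot. The following is an added example, not part of the original thread and not Microsoft's code; it assumes the AzureAD module with an active Connect-AzureAD session, and the baseline path and function names are hypothetical. It covers name and membership only.

```powershell
# Added example. $BaselinePath, Get-RoleSnapshot and Compare-RoleSnapshot are hypothetical names.
param([string]$BaselinePath = '.\role-baseline.json')

function Get-RoleSnapshot {
    # One record per activated directory role: name plus sorted member object IDs.
    Get-AzureADDirectoryRole | ForEach-Object {
        $members = @(Get-AzureADDirectoryRoleMember -ObjectId $_.ObjectId |
            Select-Object -ExpandProperty ObjectId | Sort-Object)
        [pscustomobject]@{
            RoleId      = $_.ObjectId
            DisplayName = $_.DisplayName
            Members     = $members
        }
    }
}

function Compare-RoleSnapshot {
    param($Baseline, $Current)
    # Index the baseline by role object ID so renames are still matched.
    $old = @{}
    foreach ($r in $Baseline) { $old[$r.RoleId] = $r }
    foreach ($r in $Current) {
        $prev = $old[$r.RoleId]
        if (-not $prev) {
            [pscustomobject]@{ Role = $r.DisplayName; Change = 'RoleNotInBaseline'; Detail = $r.RoleId }
            continue
        }
        if ($prev.DisplayName -ne $r.DisplayName) {
            [pscustomobject]@{ Role = $r.DisplayName; Change = 'Renamed'; Detail = $prev.DisplayName }
        }
        # Membership drift in either direction is reported per member.
        foreach ($id in @($r.Members | Where-Object { $_ -notin $prev.Members })) {
            [pscustomobject]@{ Role = $r.DisplayName; Change = 'MemberAdded'; Detail = $id }
        }
        foreach ($id in @($prev.Members | Where-Object { $_ -notin $r.Members })) {
            [pscustomobject]@{ Role = $r.DisplayName; Change = 'MemberRemoved'; Detail = $id }
        }
    }
}

$current = @(Get-RoleSnapshot)
if (Test-Path $BaselinePath) {
    # Later runs: emit one object per difference; no output means no drift.
    $baseline = Get-Content $BaselinePath -Raw | ConvertFrom-Json
    Compare-RoleSnapshot -Baseline $baseline -Current $current
} else {
    # First run: record the known-good state.
    $current | ConvertTo-Json -Depth 3 | Set-Content $BaselinePath
}
```

The baseline is written only on the first run, so replace the file after a reported change has been reviewed and accepted.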
I need a clarification on your scenario.
1. Do you want to know when a role was last assigned to a user for auditing purposes?
2. Do you want to know when a role's permission or name was modified?