1 vote · 2 comments
Oscar commented
Yes, we would like to know both and use both for monitoring purposes:
1. To know when a role was last assigned to a user, for auditing purposes
2. To know when a role's permission or name was modified
I guess if either the 1st or 2nd action is made and "date modified" is updated for PS: Get-AzureADDirectoryRole, then we can already operate with this.
We could set up a script, as an example:
1. We know that the role is set and up to date as of 1-Jan-2019
2. Run script Get-AzureADDirectoryRole | Select ModifyDate
3. If "ModifyDate" is different from the last time the role was modified (1-Jan-2019), check and compare members or the rest of the parameters, like name or permissions
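The check described in the steps above, as an added PowerShell example that is not part of the original comment or of any Microsoft tooling: since `ModifyDate` is the property being requested, it instead diffs a saved snapshot of role names and members against the current one. The function names `Get-RoleSnapshot` and `Compare-RoleSnapshot` are hypothetical, the sample IDs are constructed, and role permissions are not compared because `Get-AzureADDirectoryRole` does not return them.

```powershell
function Get-RoleSnapshot {
    # Requires the AzureAD module and an active Connect-AzureAD session.
    Get-AzureADDirectoryRole | ForEach-Object {
        [pscustomobject]@{
            RoleId      = $_.ObjectId
            DisplayName = $_.DisplayName
            Members     = @(Get-AzureADDirectoryRoleMember -ObjectId $_.ObjectId |
                            ForEach-Object { $_.ObjectId })
        }
    }
}

function Compare-RoleSnapshot {
    param([object[]]$Baseline, [object[]]$Current)
    # Index the baseline by role ID so renamed roles still match.
    $old = @{}
    foreach ($r in $Baseline) { $old[$r.RoleId] = $r }
    foreach ($r in $Current) {
        $b = $old[$r.RoleId]
        if (-not $b) {
            [pscustomobject]@{ Role = $r.DisplayName; Change = 'NewRole'; Detail = $r.RoleId }
            continue
        }
        if ($b.DisplayName -ne $r.DisplayName) {
            [pscustomobject]@{ Role = $r.DisplayName; Change = 'Renamed'; Detail = $b.DisplayName }
        }
        # -notin avoids Compare-Object, which rejects empty member lists.
        foreach ($m in @($r.Members | Where-Object { $_ -notin $b.Members })) {
            [pscustomobject]@{ Role = $r.DisplayName; Change = 'MemberAdded'; Detail = $m }
        }
        foreach ($m in @($b.Members | Where-Object { $_ -notin $r.Members })) {
            [pscustomobject]@{ Role = $r.DisplayName; Change = 'MemberRemoved'; Detail = $m }
        }
    }
}

# Constructed sample data standing in for two Get-RoleSnapshot runs.
$baseline = @(
    [pscustomobject]@{ RoleId = 'role-1'; DisplayName = 'Sample Role A'; Members = @('user-a', 'user-b') }
    [pscustomobject]@{ RoleId = 'role-2'; DisplayName = 'Sample Role B'; Members = @() }
)
$current = @(
    [pscustomobject]@{ RoleId = 'role-1'; DisplayName = 'Sample Role A'; Members = @('user-a', 'user-c') }
    [pscustomobject]@{ RoleId = 'role-2'; DisplayName = 'Sample Role B'; Members = @('user-d') }
)
Compare-RoleSnapshot -Baseline $baseline -Current $current | Format-Table
```

In a scheduled job, the baseline would be the previous run's `Get-RoleSnapshot` output saved with `ConvertTo-Json` and reloaded with `ConvertFrom-Json`.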
67 votes
Oscar commented
Would be great to have the following scenario:
2. Run PowerShell to query one or all Azure AD joined devices of the Tenant and then export received data to CSV with information:
A) User linked to device
B) Device ID
C) BitLocker Key and Recovery Key
D) Rest of the device details, such as name, etc.
So we can schedule the script to be run on our servers and store the information for long-term use.
Thanks for your feedback. We are looking into it and evaluating different options for solving the use cases mentioned in this thread. We will update this thread once we have more information to share.