View activity and audit history for Azure resource roles in Privileged Identity Management

With Azure Active Directory (Azure AD) Privileged Identity Management (PIM), you can view activity, activations, and audit history for Azure resource roles within your organization. This includes subscriptions, resource groups, and even virtual machines. Any resource within the Azure portal that uses Azure role-based access control can take advantage of the security and lifecycle management capabilities in Privileged Identity Management.

View activity and activations

To see what actions a specific user took in various resources, you can view the Azure resource activity that is associated with a given activation period.

  1. Open Azure AD Privileged Identity Management.

  2. Select Azure resources.

  3. Select the resource you want to view activity and activations for.

  4. Select Roles or Members.

  5. Select a user.

    You see a summary of the user's actions in Azure resources by date. It also shows the recent role activations over that same time period.

    (Screenshot: user details with a summary of resource activity and role activations)

  6. Select a specific role activation to see details and the corresponding Azure resource activity that occurred while that user was active.

    (Screenshot: role activation selected and activity details)

Export role assignments with children

You may have a compliance requirement where you must provide a complete list of role assignments to auditors. Privileged Identity Management enables you to query role assignments at a specific resource, which includes role assignments for all child resources. Previously, it was difficult for administrators to get a complete list of role assignments for a subscription, and they had to export role assignments for each specific resource. Using Privileged Identity Management, you can query for all active and eligible role assignments in a subscription, including role assignments for all resource groups and resources.

  1. Open Azure AD Privileged Identity Management.

  2. Select Azure resources.

  3. Select the resource you want to export role assignments for, such as a subscription.

  4. Select Members.

  5. Select Export to open the Export membership pane.

    (Screenshot: Export membership pane used to export all members)

  6. Select Export all members to export all role assignments to a CSV file.

    (Screenshot: exported role assignments from the CSV file, displayed in Excel)

View resource audit history

Resource audit gives you a view of all role activity for a resource.

  1. Open Azure AD Privileged Identity Management.

  2. Select Azure resources.

  3. Select the resource you want to view audit history for.

  4. Select Resource audit.

  5. Filter the history using a predefined date or a custom range.

    (Screenshot: resource audit list with filters)

  6. For Audit type, select Activate (Assigned + Activated).

    (Screenshot: resource audit list filtered by the Activate audit type)

  7. Under Action, click (activity) for a user to see that user's activity details in Azure resources.

    (Screenshot: user activity details for a specific action)

View my audit

My audit enables you to view your personal role activity.

  1. Open Azure AD Privileged Identity Management.

  2. Select Azure resources.

  3. Select the resource you want to view audit history for.

  4. Select My audit.

  5. Filter the history using a predefined date or a custom range.

    (Screenshot: audit list for the current user)

Note

Access to audit history requires either the Global Administrator or the Privileged Role Administrator role.

Get reason, approver, and ticket number for approval events

  1. Sign in to the Azure portal with Privileged Role Administrator role permissions, and open Azure AD.

  2. Select Audit logs.

  3. Use the Service filter to display only audit events for the Privileged Identity Management service. On the Audit logs page, you can:

    • See the reason for an audit event in the Status reason column.
    • See the approver in the Initiated by (actor) column for the "Add member to role request approved" event.

    (Screenshot: audit log filtered to the PIM service)

  4. Select an audit log event to see the ticket number on the Activity tab of the Details pane.

    (Screenshot: checking the ticket number for the audit event)

  5. You can view the requester (the person activating the role) on the Targets tab of the Details pane for an audit event. There are three target types for Azure resource roles:

    • The role (Type = Role)
    • The requester (Type = Other)
    • The approver (Type = User)

    (Screenshot: checking the target type)

Typically, the log event immediately above the approval event is an "Add member to role completed" event whose Initiated by (actor) is the requester. In most cases, you won't need to find the requester in the approval request from an auditing perspective.
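The fields described above (Status reason, Initiated by (actor), the Role/Other/User target types, and the "Add member to role completed" event that follows an approval) can also be pulled out of exported audit records in a script, which is how an auditor would build an approval report over many events rather than clicking through each one. The following Python is an added example and is not part of the Microsoft documentation. It assumes audit records shaped like the Microsoft Graph directoryAudit resource (activityDisplayName, activityDateTime, initiatedBy, targetResources, resultReason, additionalDetails), and it assumes the ticket number is carried in additionalDetails under a key named TicketNumber; that key name is an assumption, not something the page states. The sample records are constructed for the example.

```python
"""Correlate PIM approval audit events with the approver, requester, reason and ticket.

Added example, not Microsoft's code. Record shape follows the Microsoft Graph
directoryAudit resource (assumption); the sample records below are constructed.
"""
from datetime import datetime

APPROVED = "Add member to role request approved"
COMPLETED = "Add member to role completed"
TICKET_KEY = "TicketNumber"  # assumed key name in additionalDetails

# Constructed sample: newest first, as the portal lists them. The completed event
# sits "above" (is newer than) the approval it belongs to, as the page describes.
SAMPLE_AUDIT_RECORDS = [
    {
        "activityDateTime": "2024-01-15T10:05:00Z",
        "activityDisplayName": COMPLETED,
        "initiatedBy": {"user": {"userPrincipalName": "alice@contoso.example"}},
        "resultReason": "Rotate storage account keys",
        "targetResources": [
            {"type": "Role", "displayName": "Contributor"},
            {"type": "Other", "displayName": "alice@contoso.example"},
        ],
        "additionalDetails": [{"key": TICKET_KEY, "value": "INC-4711"}],
    },
    {
        "activityDateTime": "2024-01-15T10:04:00Z",
        "activityDisplayName": APPROVED,
        "initiatedBy": {"user": {"userPrincipalName": "bob@contoso.example"}},
        "resultReason": "Approved: within change window CHG-0099",
        "targetResources": [
            {"type": "Role", "displayName": "Contributor"},
            {"type": "Other", "displayName": "alice@contoso.example"},
            {"type": "User", "displayName": "bob@contoso.example"},
        ],
        "additionalDetails": [{"key": TICKET_KEY, "value": "INC-4711"}],
    },
    {
        # Unrelated event that must be ignored by the report.
        "activityDateTime": "2024-01-15T09:00:00Z",
        "activityDisplayName": "Add eligible member to role",
        "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.example"}},
        "resultReason": "",
        "targetResources": [{"type": "Role", "displayName": "Reader"}],
        "additionalDetails": [],
    },
]


def _actor(record):
    """Return the Initiated by (actor) value: a user UPN, or an app name for service principals."""
    by = record.get("initiatedBy") or {}
    user = by.get("user") or {}
    app = by.get("app") or {}
    return user.get("userPrincipalName") or app.get("displayName") or "<unknown>"


def _targets_of_type(record, type_name):
    """Display names of all targetResources entries with the given Type (Role, Other, User)."""
    return [t.get("displayName") for t in record.get("targetResources", []) if t.get("type") == type_name]


def _ticket(record):
    """Ticket number from additionalDetails, or None if the event carries none."""
    for detail in record.get("additionalDetails", []):
        if detail.get("key") == TICKET_KEY:
            return detail.get("value")
    return None


def _when(record):
    return datetime.fromisoformat(record["activityDateTime"].replace("Z", "+00:00"))


def summarize_approvals(records):
    """One summary row per approval event, pairing it with the later completed event for the same role."""
    ordered = sorted(records, key=_when)  # oldest first
    rows = []
    for index, rec in enumerate(ordered):
        if rec.get("activityDisplayName") != APPROVED:
            continue
        roles = _targets_of_type(rec, "Role")
        role = roles[0] if roles else None
        others = _targets_of_type(rec, "Other")
        requester_from_targets = others[0] if others else None
        # The page's shortcut: the completed event after the approval names the requester as actor.
        requester_from_completed = None
        for later in ordered[index + 1:]:
            if later.get("activityDisplayName") == COMPLETED and role in _targets_of_type(later, "Role"):
                requester_from_completed = _actor(later)
                break
        requester = requester_from_targets or requester_from_completed
        rows.append({
            "time": rec["activityDateTime"],
            "role": role,
            "approver": _actor(rec),
            "requester": requester,
            "reason": rec.get("resultReason", ""),
            "ticket": _ticket(rec),
            # Flag when the two sources for the requester disagree; worth a second look in review.
            "requester_mismatch": bool(
                requester_from_targets and requester_from_completed
                and requester_from_targets != requester_from_completed
            ),
        })
    return rows


if __name__ == "__main__":
    for row in summarize_approvals(SAMPLE_AUDIT_RECORDS):
        print(row)
```

The script reads the requester from the approval event's own Type = Other target first and falls back to the actor of the following completed event, so the report still works when one of the two is missing; a mismatch between them is flagged rather than silently resolved.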

Next steps