在 PIM 中查看 Azure AD 角色的审核历史记录View audit history for Azure AD roles in PIM

03/11/2020

可以使用 Privileged Identity Management (PIM) 审核历史记录来查看过去 30 天内所有特权角色的所有角色分配和激活操作。You can use the Privileged Identity Management (PIM) audit history to see all role assignments and activations within the past 30 days for all privileged roles. 若要查看 Azure Active Directory (Azure AD) 组织中活动的完整审核历史记录（包括管理员、最终用户和同步活动），可以使用 Azure Active Directory 安全和活动报告。If you want to see the full audit history of activity in your Azure Active Directory (Azure AD) organization, including administrator, end user, and synchronization activity, you can use the Azure Active Directory security and activity reports.

确定 PIM 版本Determine your version of PIM

从 2019 年 11 月开始，Privileged Identity Management 的 Azure AD 角色部分将更新为与 Azure 资源角色的体验相匹配的新版本。Beginning in November 2019, the Azure AD roles portion of Privileged Identity Management is being updated to a new version that matches the experiences for Azure resource roles. 这将创建附加功能以及对现有 API 的更改。This creates additional features as well as changes to the existing API. 在推出新版本时，本文中遵循的过程取决于当前拥有的 Privileged Identity Management 版本。While the new version is being rolled out, which procedures that you follow in this article depend on version of Privileged Identity Management you currently have. 按照本部分中的步骤确定所拥有的 Privileged Identity Management 的版本。Follow the steps in this section to determine which version of Privileged Identity Management you have. 了解 Privileged Identity Management 版本之后，可以选择本文中与该版本匹配的过程。After you know your version of Privileged Identity Management, you can select the procedures in this article that match that version.

以具有特权角色管理员角色的用户身份登录到 Azure 门户。Sign in to the Azure portal with a user who is in the Privileged role administrator role.
打开“Azure AD Privileged Identity Management”。 Open Azure AD Privileged Identity Management. 如果在概述页的顶部有横幅，请按照本文“新版本”选项卡中的说明进行操作。If you have a banner on the top of the overview page, follow the instructions in the New version tab of this article. 否则，请按照“先前版本”选项卡中的说明操作。Otherwise, follow the instructions in the Previous version tab.

新版本New version
先前版本Previous version

按以下步骤查看 Azure AD 角色的审核历史记录。Follow these steps to view the audit history for Azure AD roles.

查看资源审核历史记录View resource audit history

可以通过资源审核查看与 Azure AD 角色关联的所有活动。Resource audit gives you a view of all activity associated with your Azure AD roles.

打开“Azure AD Privileged Identity Management”。 Open Azure AD Privileged Identity Management.
选择“Azure AD 角色” 。Select Azure AD roles.
选择“资源审核” 。Select Resource audit.
可以使用预定义的日期或自定义范围筛选历史记录。Filter the history using a predefined date or custom range.

查看我的审核View my audit

使用“我的审核”，可以查看你的个人角色活动。My audit enables you to view your personal role activity.

打开“Azure AD Privileged Identity Management”。 Open Azure AD Privileged Identity Management.
选择“Azure AD 角色” 。Select Azure AD roles.
选择要查看其审核历史记录的资源。Select the resource you want to view audit history for.
选择“我的审核” 。Select My audit.
可以使用预定义的日期或自定义范围筛选历史记录。Filter the history using a predefined date or custom range.

查看审核历史记录View audit history

按以下步骤查看 Azure AD 角色的审核历史记录。Follow these steps to view the audit history for Azure AD roles.

使用特权角色管理员角色成员用户的身份登录到 Azure 门户。Sign in to Azure portal with a user that is a member of the Privileged Role Administrator role.
打开“Azure AD Privileged Identity Management”。 Open Azure AD Privileged Identity Management.
选择“Azure AD 角色” 。Select Azure AD roles.

选择“目录角色审核历史记录”。 Select Directory roles audit history.

将会根据审核历史记录显示柱形图和总激活数、每日最大激活数以及每日平均激活数。Depending on your audit history, a column chart is displayed along with the total activations, max activations per day, and average activations per day.

目录角色审核历史记录

在页面底部会显示一个表，其中包含可用审核历史记录中每个操作的信息。At the bottom of the page, a table is displayed with information about each action in the available audit history. 列的含义如下：The columns have the following meanings:

列Column	说明Description
时间Time	发生操作的时间。When the action occurred.
请求者Requestor	已请求角色激活或更改的用户。User who requested the role activation or change. 如果该值为“Azure 系统”，请查看 Azure 审核历史记录以获取详细信息。 If the value is Azure System, check the Azure audit history for more information.
操作Action	请求者所采取的操作。Actions taken by the requestor. 操作可能包含分配、取消分配、激活、停用或 AddedOutsidePIM。Actions can include Assign, Unassign, Activate, Deactivate, or AddedOutsidePIM.
成员Member	正在激活或已分配给角色的用户。User who is activating or assigned to a role.
角色Role	由用户分配或激活的角色。Role assigned or activated by the user.
理由Reasoning	在激活期间向原因字段中输入的文本。Text that was entered into the reason field during activation.
过期时间Expiration	已激活角色过期的时间。When an activated role expires. 仅适用于符合条件的角色分配。Applies only to eligible role assignments.

若要对审核历史记录排序，请单击“时间” 、“操作” 和“角色” 按钮。To sort the audit history, click the Time, Action, and Role buttons.

筛选审核历史记录Filter audit history

在审核历史记录页顶部，单击“筛选”按钮。 At the top of the audit history page, click the Filter button.

将显示“更新图表参数”窗格。The Update chart parameters pane appears.
在“时间范围”中，选择时间范围。In Time range, select a time range.
在角色中，选中指示要查看的角色的复选框。In Roles, select the checkboxes to indicate the roles you want to view.
选择“完成”，查看已筛选的审核历史记录。 Select Done to view the filtered audit history.

后续步骤Next steps

在 Privileged Identity Management 中查看 Azure 资源角色的活动和审核历史记录View activity and audit history for Azure resource roles in Privileged Identity Management