You can use the Privileged Identity Management (PIM) audit history to see all role assignments and activations within the past 30 days for all privileged roles. If you want to see the full audit history of activity in your Azure Active Directory (Azure AD) organization, including administrator, end user, and synchronization activity, you can use the Azure Active Directory security and activity reports.
Determine your version of PIM
Beginning in November 2019, the Azure AD roles portion of Privileged Identity Management is being updated to a new version that matches the experience for Azure resource roles. This adds new features and changes the existing API. While the new version is being rolled out, the procedures you follow in this article depend on the version of Privileged Identity Management you currently have. Follow the steps in this section to determine which version of Privileged Identity Management you have. After you know your version, select the procedures in this article that match it.
1. Open Azure AD Privileged Identity Management.
2. If there is a banner at the top of the overview page, follow the instructions in the New version tab of this article. Otherwise, follow the instructions in the Previous version tab.
1. Open Azure AD Privileged Identity Management.
2. Select Azure AD roles.
3. Select Directory roles audit history.
Depending on your audit history, a column chart is displayed along with the total activations, the maximum activations per day, and the average activations per day.
At the bottom of the page, a table is displayed with information about each action in the available audit history. The columns have the following meanings:
Column: Description

Time: When the action occurred.

Requestor: The user who requested the role activation or change. If the value is Azure System, check the Azure audit history for more information.

Action: The action taken by the requestor. Actions can include Assign, Unassign, Activate, Deactivate, or AddedOutsidePIM.

Member: The user who is activating or is assigned to a role.

Role: The role assigned or activated by the user.

Reasoning: The text that was entered into the reason field during activation.

Expiration: When an activated role expires. Applies only to eligible role assignments.
To sort the audit history, click the Time, Action, and Role buttons.
Filter audit history
1. At the top of the audit history page, click the Filter button.
2. In Time range, select a time range.
3. In Roles, select the checkboxes for the roles you want to view.
4. Select Done to view the filtered audit history.
Get reason, approver, and ticket number for approval events
1. Sign in to the Azure portal with Privileged Role Administrator role permissions, and open Azure AD.
2. Select Audit logs.
3. Use the Service filter to display only audit events for the Privileged Identity Management service. On the Audit logs page, you can:
   - See the reason for an audit event in the Status reason column.
   - See the approver in the Initiated by (actor) column for the "add member to role request approved" event.
   - Select an audit log event to see the ticket number on the Activity tab of the Details pane.
4. You can view the requester (the person activating the role) on the Targets tab of the Details pane for an audit event. There are two target types for Azure AD roles:
   - The role (Type = Role)
   - The requester (Type = User)
Typically, the audit log event immediately above the approval event is an "Add member to role completed" event, where the Initiated by (actor) is the requester. In most cases, you won't need to find the requester in the approval request from an auditing perspective.
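As an added example that is not part of the original article, the following Python reads PIM audit records shaped like Microsoft Graph auditLogs/directoryAudits entries and pulls out the fields the steps above point at: the status reason, the approver from the initiator, the role and requester from the Role and User targets, and the ticket number. The sample records and the TicketNumber key in additionalDetails are constructed assumptions for this example, not verified schema.

```python
import json

# Constructed sample records, shaped like entries returned by the Microsoft Graph
# auditLogs/directoryAudits endpoint filtered to the PIM service. Names,
# timestamps and the ticket number are made up for this example.
SAMPLE_EVENTS = json.loads("""[
 {"activityDateTime": "2019-11-05T10:14:02Z", "loggedByService": "PIM",
  "activityDisplayName": "Add member to role completed",
  "resultReason": "Reset a locked-out account",
  "initiatedBy": {"user": {"userPrincipalName": "alice@contoso.example"}},
  "targetResources": [{"type": "Role", "displayName": "User Administrator"},
                      {"type": "User", "userPrincipalName": "alice@contoso.example"}],
  "additionalDetails": [{"key": "TicketNumber", "value": "INC-0001"}]},
 {"activityDateTime": "2019-11-05T10:14:07Z", "loggedByService": "PIM",
  "activityDisplayName": "Add member to role request approved",
  "resultReason": "Reset a locked-out account",
  "initiatedBy": {"user": {"userPrincipalName": "bob@contoso.example"}},
  "targetResources": [{"type": "Role", "displayName": "User Administrator"},
                      {"type": "User", "userPrincipalName": "alice@contoso.example"}],
  "additionalDetails": [{"key": "TicketNumber", "value": "INC-0001"}]}
]""")

TICKET_KEY = "TicketNumber"  # assumed key name inside additionalDetails


def is_pim_approval(event):
    """True for PIM-service events of the 'add member to role request approved' kind."""
    return (event.get("loggedByService") == "PIM"
            and "request approved" in event.get("activityDisplayName", "").lower())


def summarize_approval(event):
    """Map one approval event onto the portal fields described in the article."""
    by_type = {t.get("type"): t for t in event.get("targetResources", [])}
    ticket = next((d.get("value") for d in event.get("additionalDetails", [])
                   if d.get("key") == TICKET_KEY), None)
    return {
        "time": event.get("activityDateTime"),
        "reason": event.get("resultReason"),                             # Status reason column
        "approver": event.get("initiatedBy", {}).get("user", {}).get("userPrincipalName"),  # Initiated by (actor)
        "ticket": ticket,                                                # Activity tab
        "role": by_type.get("Role", {}).get("displayName"),              # Targets tab, Type = Role
        "requester": by_type.get("User", {}).get("userPrincipalName"),   # Targets tab, Type = User
    }


def approvals(events):
    """Summaries for every approval event, oldest first."""
    ordered = sorted(events, key=lambda e: e.get("activityDateTime", ""))
    return [summarize_approval(e) for e in ordered if is_pim_approval(e)]


if __name__ == "__main__":
    for row in approvals(SAMPLE_EVENTS):
        print(row)
```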