View audit history for Azure AD roles in PIM

You can use the Azure Active Directory (Azure AD) Privileged Identity Management (PIM) audit history to see all the role assignments and activations within the past 30 days for all privileged roles. If you want to see the full audit history of activity in your directory, including administrator, end user, and synchronization activity, you can use the Azure Active Directory security and activity reports.

View audit history

Follow these steps to view the audit history for Azure AD roles.

  1. Sign in to the Azure portal with a user that is a member of the Privileged Role Administrator role.

  2. Open Azure AD Privileged Identity Management.

  3. Click Azure AD roles.

  4. Click Directory roles audit history.

    Depending on your audit history, a column chart is displayed along with the total activations, max activations per day, and average activations per day.

    At the bottom of the page, a table is displayed with information about each action in the available audit history. The columns have the following meanings:

    | Column | Description |
    | --- | --- |
    | Time | When the action occurred. |
    | Requestor | User who requested the role activation or change. If the value is Azure System, check the Azure audit history for more information. |
    | Action | Actions taken by the requestor. Actions can include Assign, Unassign, Activate, Deactivate, or AddedOutsidePIM. |
    | Member | User who is activating or assigned to a role. |
    | Role | Role assigned or activated by the user. |
    | Reasoning | Text that was entered into the reason field during activation. |
    | Expiration | When an activated role expires. Applies only to eligible role assignments. |

  5. To sort the audit history, click the Time, Action, and Role buttons.
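
The following is an added example, not part of the original page or of any Microsoft tooling: it recomputes the chart's three activation figures from audit rows and lists the rows a reviewer would want to follow up on. It assumes the rows are available as CSV with the column names from the table above; the sample rows, account names and dates are constructed.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample rows; column names follow the audit history table.
SAMPLE_CSV = """Time,Requestor,Action,Member,Role,Reasoning,Expiration
2019-06-03T09:12:00,alice@contoso.example,Activate,alice@contoso.example,Global Administrator,Ticket 1042,2019-06-03T10:12:00
2019-06-03T14:40:00,bob@contoso.example,Activate,bob@contoso.example,User Administrator,,2019-06-03T15:40:00
2019-06-04T08:05:00,alice@contoso.example,Activate,alice@contoso.example,Global Administrator,Ticket 1050,2019-06-04T09:05:00
2019-06-04T11:30:00,Azure System,AddedOutsidePIM,carol@contoso.example,Global Administrator,,
2019-06-05T16:20:00,dave@contoso.example,Assign,erin@contoso.example,Security Administrator,,
"""

def load_rows(text):
    """Parse CSV text into dicts and convert the Time column to datetime."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["Time"] = datetime.fromisoformat(row["Time"])
    return rows

def activation_stats(rows):
    """Total, max-per-day and average-per-day counts of Activate actions.
    Assumption: the average is taken over days with at least one activation."""
    per_day = Counter(r["Time"].date() for r in rows if r["Action"] == "Activate")
    if not per_day:
        return {"total": 0, "max_per_day": 0, "avg_per_day": 0.0}
    total = sum(per_day.values())
    return {"total": total, "max_per_day": max(per_day.values()),
            "avg_per_day": total / len(per_day)}

def review_findings(rows):
    """Return (reason, row) pairs that merit a closer look."""
    findings = []
    for r in rows:
        if r["Action"] == "AddedOutsidePIM":
            findings.append(("role granted outside PIM", r))
        if r["Requestor"] == "Azure System":
            findings.append(("requestor is Azure System; check Azure audit history", r))
        # Assumption: local policy expects a reason on every activation.
        if r["Action"] == "Activate" and not r["Reasoning"].strip():
            findings.append(("activation without a reason", r))
    return findings

if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    print(activation_stats(rows))
    for reason, r in review_findings(rows):
        print(f'{r["Time"]:%Y-%m-%d %H:%M}  {r["Member"]:<24} {r["Role"]:<22} {reason}')
```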

Filter audit history

  1. At the top of the audit history page, click the Filter button.

    The Update chart parameters pane appears.

  2. In Time range, select a time range.

  3. In Roles, add checkmarks for the roles you want to view.

  4. Click Done to view the filtered audit history.

Next steps