Audit/log revoke access usage | Voters

Audit/log revoke access usage

planned

Sibe Klomp

Whenever access is revoked for a user through ITDR, it should log this action somewhere so other users can audit this. Or at the very least have record of when the access was revoked (timestamp with username)

December 2, 2024

Rich Mozeleski

marked this post as

planned

Matthew Buehlmann

Hey Sibe - the timestamp of when user access is revoked is documented in the Entra ID audit log for the locked out user, although it is only attributed the Huntress API. I don't think that fully answers your request here, but just wanted to share in case that helps.