Skip to main content

Elevated Access to Entra ID

Audit logs

Idemeum cloud collects detailed audit logs for Entra ID accounts management and access.

Overview

Idemeum collects various audit log events and stores them in the cloud. The logs can be reviewed in the admin portal Audit trail section. Today we keep logs for the last 30 days on a rolling window.

Events for Entra ID accounts

New Entra ID account request

When technician navigates to idemeum portal and requests Entra ID account to be enabled or provisioned, we capture an event along with technician email address and the account name that will be provisioned.

alex@nikpot.com requested access to application Entra 365 onmicrosoft. User account msptech6913@NETORGFT11060369.onmicrosoft.com created.

Entra ID account disabled

We capture audit events when technician Entra ID accounts are disabled. This happens when:

    • Configured time for which account needs to stay active passed (default 4 hours)
    • Technician was un-entitled (no longer has access) to Entra ID application that you created, or you removed the application configuration from idemeum customer tenant
System disabled user account msptech6913@NETORGFT11060369.onmicrosoft.com in application Entra 365 onmicrosoft.

Entra ID account credentials access

Audit event is captured when technicians view credentials for Entra ID accounts.

alex@nikpot.com accessed Entra 365 onmicrosoft credentials.