I'm trying to track down who created some Azure groups, but since these groups are quite old, I'm having trouble. I know audit logs only show data from the last six months, so is there any way to find out who the owner is? Any advice would be greatly appreciated!
3 Answers
If you haven't already set up log forwarding to Log Analytics, retrieving this information might be tricky. As a tip for the future, consider backing up your Entra configuration. This way, you'll store the audit info along with your backup data and keep a changelog of memberships too! Here's a guide on how to do it: https://doitpshway.com/how-to-easily-backup-your-azure-environment-using-entraexporter-and-azure-devops-pipeline
It seems like audit logs are your best bet for this kind of information. If the group in question is an Entra group synced with Active Directory, there might be some record, but it could just show as a generic sync entry.
Thanks for your response! I managed to find the info for Entra ID synced groups, but I'm still having trouble with the cloud groups.
Unfortunately, the only place this info is stored is in the activity logs, and if they're old, they've probably been deleted. For future reference, consider exporting activity logs to a service like Log Analytics or establishing a tagging system to keep this info easily accessible.
Thank you so much! ❤️
Thanks, that's super helpful!