Hey everyone, I'm looking for advice on how to set up alerts whenever someone uses the "Access management for Azure Resources" feature, especially when the slider for granting permissions to manage access across all Azure subscriptions is flipped. I understand this option can let users bypass existing Privileged Identity Management (PIM) policies, making it a sort of emergency access method, but I want to ensure it triggers an email notification when changes are made.
3 Answers
It's good that you want to monitor that! From my experience, every time that slider is flipped, Azure logs a 'Microsoft.Authorization/roleAssignments/write' event. You can route the Activity Log to Log Analytics and set up an Azure Monitor alert for this specific operation. This way, you'll get notified via email or SMS when anyone uses that feature. If setting up this kind of alert feels too complex, you might want to reconsider if you really need that emergency access method at all.
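The alert query the answer above describes, as an added example that is not part of the original answer. It assumes the Activity Log is already routed to a Log Analytics workspace and lands in the standard `AzureActivity` table; the operation name is the one given in the answer, and the 15-minute window is an arbitrary choice.

```kusto
// Added example: log search alert query for role-assignment writes.
// Assumption: the Activity Log is exported to this workspace (AzureActivity table).
AzureActivity
| where TimeGenerated > ago(15m)                 // match this to the alert rule's evaluation period
| where CategoryValue == "Administrative"
| where OperationNameValue =~ "Microsoft.Authorization/roleAssignments/write"
| where ActivityStatusValue =~ "Success"         // skip the paired "Start" record for the same operation
// Everything before the roleAssignments segment of the resource ID is the scope
// of the assignment; an empty prefix means the assignment sits at root scope "/".
| extend Scope = tostring(split(tolower(_ResourceId), "/providers/microsoft.authorization/roleassignments/")[0])
| extend Scope = iff(isempty(Scope), "/", Scope)
| project TimeGenerated, Caller, CallerIpAddress, SubscriptionId, Scope, CorrelationId
| order by TimeGenerated desc
```

Use it as the query of an Azure Monitor log search alert rule that fires when the result count is greater than 0, with an action group that sends the email or SMS.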
Honestly, giving out GA access is risky business. I get you're looking to monitor things now, but once you drop that key, keeping an eye on usage is a must. Just make sure you have the right alerts set up from the start!
I see your concern about monitoring. Just a heads-up, while you want to keep track of those actions, always remember that the Global Administrator role is powerful, and giving someone that access means a lot. It's fair to want an alert on such critical actions, though. PIM and RBAC policies are there to prevent misuse, so keeping tabs on when those are bypassed is definitely justified!