Where can I find details of the fields in an Azure AD Audit Log?

We have an application that parses the audit logs emitted by Azure AD. More specifically, we are parsing the 'Update application' logs to detect when a new role is added to an application (see the example below).

We would like to learn more about the "DirectAccessGrantTypes" and "ImpersonationAccessGrantTypes" fields. It would be great if someone could point us to documentation on this.

[{"EntitlementEncodingVersion":2,"EntitlementId":"654a4f1f-1b7f-4354-a6d6-fcf7346af0ec","IsDisabled":true,"Origin":0,"Name":"Data Manager","Description":"Manager for test app","Definition":null,"ClaimValue":"DataManager","ResourceScopeType":0,"IsPrivate":false,"UserConsentDisplayName":null,"UserConsentDescription":null,"DirectAccessGrantTypes":[20],"ImpersonationAccessGrantTypes":[],"EntitlementCategory":0,"DependentMicrosoftGraphPermissions":[]},{"EntitlementEncodingVersion":2,"EntitlementId":"3d03256d-cf0c-4553-b8af-98d7ebbee1f2","IsDisabled":false,"Origin":0,"Name":"Application Manager","Description":"Admin for test app","Definition":null,"ClaimValue":"ApplicationManager","ResourceScopeType":0,"IsPrivate":false,"UserConsentDisplayName":null,"UserConsentDescription":null,"DirectAccessGrantTypes":[20],"ImpersonationAccessGrantTypes":[],"EntitlementCategory":0,"DependentMicrosoftGraphPermissions":[]},{"EntitlementEncodingVersion":2,"EntitlementId":"88d0d3e3-b661-4760-aea3-f4548db1ff96","IsDisabled":false,"Origin":0,"Name":"Read","Description":"Allow users to add a admin consent","Definition":null,"ClaimValue":"Read","ResourceScopeType":0,"IsPrivate":false,"UserConsentDisplayName":null,"UserConsentDescription":null,"DirectAccessGrantTypes":[],"ImpersonationAccessGrantTypes":[{"Impersonator":29,"Impersonated":20}],"EntitlementCategory":0,"DependentMicrosoftGraphPermissions":[]}]

From the article: View reports & logs in entitlement management - Azure AD | Microsoft Docs

When Azure AD receives a new request, it writes an audit record, in which the Category is EntitlementManagement and the Activity is typically User requests access package assignment. In the case of a direct assignment created in the Azure portal, the Activity field of the audit record is Administrator directly assigns user to access package, and the user performing the assignment is identified by the ActorUserPrincipalName.

Application Impersonation is basically an admin-managed permission rather than a user-managed permission. The impersonation access grant log provides information (e.g. a count) about the users for whom an admin consented to access the application by impersonating the user.

ImpersonationAccessGrantTypes provides the count or information of the access granted by an admin on behalf of users, whereas DirectAccessGrantTypes provides information about users who access the application directly because they have already been assigned by an admin.

Reference: Multiple Client applications authorisation to WebApi (microsoft.com)
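As an added example (not part of the question or the answer above) of the parsing the question describes, and of the direct-versus-impersonation distinction the answer draws: diff the entitlement list of an 'Update application' entry against its previous value and tag each newly added role by its two grant-type fields. The role values are constructed from the log posted in the question; the grant-type codes (20, 29) are copied as-is and their meaning is not documented on this page, and treating the entry as an old/new pair of entitlement lists is an assumption.

```python
import json

# Constructed sample values for one "Update application" audit entry: the
# previous and current entitlement lists, trimmed to the fields the question
# asks about. Values mirror the log posted in the question; the grant-type
# codes (20, 29) are copied verbatim and their meaning is not documented here.
OLD_VALUE = json.dumps([
    {"EntitlementId": "654a4f1f-1b7f-4354-a6d6-fcf7346af0ec", "IsDisabled": True,
     "Name": "Data Manager", "ClaimValue": "DataManager",
     "DirectAccessGrantTypes": [20], "ImpersonationAccessGrantTypes": []},
])
NEW_VALUE = json.dumps([
    {"EntitlementId": "654a4f1f-1b7f-4354-a6d6-fcf7346af0ec", "IsDisabled": True,
     "Name": "Data Manager", "ClaimValue": "DataManager",
     "DirectAccessGrantTypes": [20], "ImpersonationAccessGrantTypes": []},
    {"EntitlementId": "88d0d3e3-b661-4760-aea3-f4548db1ff96", "IsDisabled": False,
     "Name": "Read", "ClaimValue": "Read",
     "DirectAccessGrantTypes": [],
     "ImpersonationAccessGrantTypes": [{"Impersonator": 29, "Impersonated": 20}]},
])


def parse_entitlements(raw):
    """Parse the JSON-encoded entitlement list and key it by EntitlementId."""
    return {r["EntitlementId"]: r for r in json.loads(raw)}


def grant_kind(role):
    """Classify a role by the two grant-type fields discussed in the answer:
    'direct' when it is assigned directly by an admin, 'impersonation' when
    it is granted on behalf of a user, 'both' or 'none' otherwise."""
    direct = bool(role.get("DirectAccessGrantTypes"))
    imp = bool(role.get("ImpersonationAccessGrantTypes"))
    return {(True, True): "both", (True, False): "direct",
            (False, True): "impersonation", (False, False): "none"}[(direct, imp)]


def added_roles(old_raw, new_raw):
    """Return roles present in the new value but absent from the old one, each
    tagged with its grant kind, so a detector can alert on newly added roles."""
    old, new = parse_entitlements(old_raw), parse_entitlements(new_raw)
    return [{"id": rid, "name": new[rid]["Name"], "claim": new[rid]["ClaimValue"],
             "enabled": not new[rid]["IsDisabled"], "grant": grant_kind(new[rid])}
            for rid in sorted(new.keys() - old.keys())]
```

Disabled roles (IsDisabled true) are reported as well, since a role added disabled can be enabled later without a second role-creation event.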