View update and sign-in activities for Managed identities
This article explains how to view updates carried out to managed identities, and sign-in attempts made by managed identities.
Prerequisites
- If you're unfamiliar with managed identities for Azure resources, check out the overview section.
- If you don't already have an Azure account, sign up for a Trial.
View updates made to user-assigned managed identities
This procedure demonstrates how to view updates carried out to user-assigned managed identities.
In the Azure portal, browse to Activity Log.
Select the Add Filter search pill and select Operation from the list.
In the Operation dropdown list, enter these operation names: "Delete User Assigned Identity" and "Write UserAssignedIdentities".
When matching operations are displayed, select one to view the summary.
Select the JSON tab to view more detailed information about the operation, and scroll to the properties node to view information about the identity that was modified.
View role assignments added and removed for managed identities
Note
You'll need to search by the object (principal) ID of the managed identity that you want to view role assignment changes for.
- Locate the managed identity you wish to view the role assignment changes for. If you're looking for a system-assigned managed identity, the object ID is displayed in the Identity screen under the resource. If you're looking for a user-assigned identity, the object ID is displayed in the Overview page of the managed identity.
User-assigned identity:
System-assigned identity:
Copy the object ID.
Browse to the Activity log.
Select the Add Filter search pill and select Operation from the list.
In the Operation dropdown list, enter these operation names: Create role assignment and Delete role assignment.
Paste the object ID in the search box; the results are filtered automatically.
When matching operations are displayed, select one to view the summary.
View authentication attempts by managed identities
Browse to Microsoft Entra ID.
Select Sign-in logs from the Monitoring section.
Select the Managed identity sign-ins tab.
To view the identity's Enterprise application in Microsoft Entra ID, select the "Managed Identity ID" column.
To view the Azure resource or user-assigned managed identity, search by name in the search bar of the Azure portal.
Note
Since managed identity authentication requests originate within the Azure infrastructure, the IP Address value is excluded here.