Read: 5 mins. This article covers three ways to audit Azure Active Directory Role changes, such as the Global Administrators: Azure Portal, Microsoft 365 Compliance Center, and Splunk (SIEM).
Read: 12 mins. How do you find out who made a change to an Active Directory or Builtin Local Group? Which users were added to or removed from a group? When was a group deleted? In this post, we look at Group and Membership change Event IDs, and explore how to use Splunk to find relevant information to aid in your investigations.