Azure Active Directory - Conditional Access Changes
Azure AD Conditional Access Policy Changes
Query
AuditLogs
| where OperationName has_any("conditional access policy")
| project
TimeGenerated,
OperationName,
policy=TargetResources[0].displayName,
modifiedBy=InitiatedBy.user.userPrincipalNameAbout this query
Azure Active Directory - Conditional Access Changes
Query Information
Description
This query provides a simple overview of Conditional Access policy changes
Explanation
This query retrieves information about changes made to Conditional Access policies in Azure Active Directory. It includes the time the change was made, the type of operation performed (such as creating or modifying a policy), the name of the policy that was changed, and the user who made the change.
Details

Alex Verboon
Released: June 4, 2023
Tables
AuditLogs
Keywords
AuditLogsOperationNameTargetResourcesTimeGeneratedInitiatedBy
Operators
wherehas_anyproject