Submitting forms on the support site are temporary unavailable for schedule maintenance. If you need immediate assistance please contact technical support. We apologize for the inconvenience.
라이브 도움말 보기
등록 완료
로그인
가격 산정 요청
영업 담당자에게 문의
제품 번들을 선택했습니다. 귀하의 요청에 더 적합한 서비스를 제공해 드릴 수 있도록 개별 제품을 선택해 주십시오. *
지금은 채팅에 회신할 수 있는 기술 지원 엔지니어가 없습니다. 즉각적인 서비스를 받으려면 당사의 서비스 요청 양식을 사용하여 요청을 제출하십시오.
다음 문서의 설명에 따라 문제를 해결할 수 있습니다.
When auditing Microsoft Entra ID, you can add columns to display extra information through the search Layout tab:
Microsoft Entra - Activity Type
Activity Type
The activity resource type.
Microsoft Entra - Activity Name/Operation
Activity Name/Operation
The activity that was performed as part of the event.
Microsoft Entra - Activity Details
Activity Details
Additional information about audited activity. For example, for ‘Self-serve password reset flow activity progress’ it shows what step the user is performing.
For sign-in risk events, this shows the status of the risk event, such as "Closed (resolved)".
Microsoft Entra - Category
Category
The activity category, such as Terms of use, Core Directory, Application Proxy, Account Provisioning, Invited Users, etc.
Microsoft Entra - Sign-in City
City
The city from which the user signed in or attempted to sign in to an application.
Microsoft Entra - Sign-in State
State
The state from which the user signed in or attempted to sign in to an application.
Microsoft Entra - Sign-in Country
Country
The country from which the user signed in or attempted to sign in to an application.
When auditing Microsoft 365 and Microsoft Entra ID in a synchronized environment, you can add columns to display extra mapping information through the search Layout tab:
Microsoft Entra - Activity Origin
Activity Origin
‘Cloud’ indicates that the event activity was performed directly in the cloud.
‘AD’ indicates that the event activity was originally performed on-premises and was synchronized to the cloud.
Microsoft Entra - On-premises User
On-premises User
Domain and sAMAccountName of the on-premises user that corresponds to the cloud user that initiated the event.
Microsoft Entra - On-premises Target
On-premises Target
Domain and sAMAccountName of the on-premises object that corresponds to the cloud object that was the target of the event.
Microsoft Entra - Target Sync Type
Target Sync Type
‘In Cloud’ indicates that the target object exists only in the cloud
‘Synced from AD’ indicates that the target object was synchronized from Active Directory.
Microsoft Entra - Target Display Name
Target Display Name
Display the on-premises object display name for synchronized environments or the cloud object display name only for cloud-only objects.
Microsoft Entra - Tenant Initial Domain
Tenant Initial Domain
Default Microsoft Entra domain name.
Microsoft Entra - Tenant Display Name
Tenant Display Name
Tenant display name.
Microsoft Entra - Subject Sync Type
Subject Sync Type
‘SyncedFromAD’ indicates that the subject object was synchronized from Active Directory.
‘In Cloud’ indicates that the subject object exists only in the cloud.
Microsoft Entra - Subject Display Name
Subject Display Name
Displays the Active Directory on-premises name if a hybrid object and the Microsoft Entra name if a cloud object.
Microsoft Entra - On-premises Subject
On-premises Subject
Domain and sAMAccountName of the on-premises object that corresponds to the cloud object that was the subject of the event.
Subject Name
Microsoft Entra object name regardless of whether a cloud or hybrid object.
In addition to the search columns, the ‘Who’ field shows the mapping information in the event details pane. In cloud only deployments, this field displays the cloud user that initiated the event. If it is a synchronized deployment, the associated on-premises user is displayed after the cloud user in square brackets.
The Microsoft Entra ID audit reports and the Microsoft 365 audit logs are continuously evolving. To ensure that Change Auditor is synchronized with these updates, generic events have been introduced. Each Microsoft Entra and Microsoft 365 facility in Change Auditor has one generic event defined.
The generic event is generated each time an activity occurs that does not have a corresponding event defined in Change Auditor. For example, “Microsoft Entra- User event” is generated when activities such as “Reset password (self-service)” or “Unlock user account” are performed in Microsoft Entra ID. Activity information is populated in additional columns and the description for the event (What statement) is dynamically constructed based upon the activity and target object name.
When working with these events, you can add additional columns to the search layout to view information about the activity.
Represents the activity that was performed as part of the event.
For sign-in risk events, this shows the risk event type.
Provides additional information about audited activity.
For example:
For a complete list of the activities available see Microsoft documentation on “Audit activity reports” and “Search the audit log in the Microsoft 365 Security & Compliance Center”.
The event details pane contains the following additional information to help gain a better understanding of the activities taking place in Microsoft 365 Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Entra ID.
Overview
Displays a high-level view of the activity that is generated for each event.
You can quickly see when the event occurred, who made the change, what changed, where the change originated, the activity, the target type, synchronization type, subject type, subject synchronization type, activity type, category, and action,
Additional information for sign-in events include the reason for a sign-in failure and the sign-in location.
Additional information for sign-in risk events include the type of risk activity, risk status, risk level, and origin (IP address).
Target (Microsoft Entra events only)
Displays details on the property updates with the old and new value when available. It also displays information about multiple targets affected by a single event. For example, when a user added to a group, you can see both the user and the group as affected targets. When there are multiple targets, the target that best matches the activity type is displayed as the primary target in the Overview tab.
Details
Displays all available properties for a deeper analysis of the activity, including the raw data from the Microsoft Entra Reporting API.
For sign-in risk events, it contains raw data from the Microsoft Entra Identity Protection API.
Parameters (Exchange Online Administration events only)
Displays the parameters used to run the Microsoft 365 Administrative command.
Item
Displays Id, rights, SID, Upn, name and path details for Exchange Online permission additions, removals, or modifications.
Additional Info (Microsoft Entra risky events only)
Displays risk event additional information such as user agent, related event time in UTC, related users agent, device information, related location, request ID, correlation ID.
계열사 지원 사이트에서 Quest *제품*에 대한 온라인 지원 도움말을 볼 수 있습니다. 올바른 *제품* 지원 콘텐츠 및 지원에 연결하려면 계속을 클릭하십시오.
The document was helpful.
평가 결과 선택
I easily found the information I needed.
Quest Software 포털은 더 이상 IE 8, 9, 10을 지원하지 않습니다. 브라우저를 최신 버전의 Internet Explorer나 Chrome으로 업그레이드하는 것이 좋습니다.
IE 11로 업그레이드 여기를 클릭
Chrome으로 업그레이드 여기를 클릭
IE 8, 9 또는 10을 계속 사용할 경우 당사가 제공하는 뛰어난 셀프서비스 기능 모두를 최대한으로 활용하실 수 없습니다.
