Microsoft Entra ID · Identity Governance

Attribute Log Administrator

Read audit logs and configure diagnostic settings for events related to custom security attributes.

Scope: Audit and diagnostic configuration for custom security attribute activities

Permissions

  • Read custom security attribute audit logs
  • Read attribute definition change logs
  • Read attribute assignment change logs
  • Configure diagnostic settings for attributes
  • Export attribute audit logs

Common use cases

  • Attribute change auditing
  • Compliance monitoring for attributes
  • Attribute assignment tracking
  • Security investigation support
  • Diagnostic log configuration

Best practices

  • Configure log retention appropriately
  • Set up alerts for critical changes
  • Export logs for long-term retention
  • Integrate with SIEM
  • Regular audit log review

Security considerations

  • Audit logs may reveal sensitive classifications
  • Cannot read other audit log types
  • Important for attribute governance

Common questions

When should I assign the Attribute Log Administrator role?

Assign Attribute Log Administrator when you need to: Attribute change auditing; Compliance monitoring for attributes; Attribute assignment tracking; Security investigation support; and Diagnostic log configuration. It is part of Microsoft Entra ID and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Attribute Log Administrator role do?

The Attribute Log Administrator role grants permissions including: Read custom security attribute audit logs; Read attribute definition change logs; Read attribute assignment change logs; Configure diagnostic settings for attributes; and Export attribute audit logs. See the Permissions section above for the full list.

What are the security risks of the Attribute Log Administrator role?

Key considerations when assigning Attribute Log Administrator: Audit logs may reveal sensitive classifications; Cannot read other audit log types; and Important for attribute governance. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →