Microsoft Entra ID · Global Secure Access

Global Secure Access Log Reader

Provides read-only access to network traffic logs in Microsoft Entra Internet Access and Private Access for security analysis.

Scope: Read-only access to Global Secure Access network logs

Permissions

  • Read Internet Access logs
  • Read Private Access logs
  • Read network traffic data
  • Access traffic analytics

Common use cases

  • Security incident investigation
  • Network traffic analysis
  • Compliance auditing
  • Threat hunting

Best practices

  • Correlate with other security data
  • Set up regular reviews
  • Document findings

Security considerations

  • Access to network traffic metadata
  • Can see user access patterns

Common questions

When should I assign the Global Secure Access Log Reader role?

Assign Global Secure Access Log Reader when you need to: Security incident investigation; Network traffic analysis; Compliance auditing; and Threat hunting. It is part of Microsoft Entra ID and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Global Secure Access Log Reader role do?

The Global Secure Access Log Reader role grants permissions including: Read Internet Access logs; Read Private Access logs; Read network traffic data; and Access traffic analytics. See the Permissions section above for the full list.

What are the security risks of the Global Secure Access Log Reader role?

Key considerations when assigning Global Secure Access Log Reader: Access to network traffic metadata; and Can see user access patterns. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →