Microsoft Entra ID · Global Secure Access
Global Secure Access Log Reader
Provides read-only access to network traffic logs in Microsoft Entra Internet Access and Private Access for security analysis.
Scope: Read-only access to Global Secure Access network logs
Permissions
- Read Internet Access logs
- Read Private Access logs
- Read network traffic data
- Access traffic analytics
Common use cases
- Security incident investigation
- Network traffic analysis
- Compliance auditing
- Threat hunting
Best practices
- Correlate with other security data
- Set up regular reviews
- Document findings
Security considerations
- Access to network traffic metadata
- Can see user access patterns
Common questions
When should I assign the Global Secure Access Log Reader role?
Assign Global Secure Access Log Reader when you need to: Security incident investigation; Network traffic analysis; Compliance auditing; and Threat hunting. It is part of Microsoft Entra ID and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the Global Secure Access Log Reader role do?
The Global Secure Access Log Reader role grants permissions including: Read Internet Access logs; Read Private Access logs; Read network traffic data; and Access traffic analytics. See the Permissions section above for the full list.
What are the security risks of the Global Secure Access Log Reader role?
Key considerations when assigning Global Secure Access Log Reader: Access to network traffic metadata; and Can see user access patterns. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.