This is available in all sandbox and production tenants.
New audit events enable admins to report on out-of-band changes.
What are native changes / out-of-band changes?
Native changes, or out-of-band changes, occur when application admins provision access external to Identity Security Cloud. For example, a helpdesk user might use Active Directory Users and Computers to add groups to an account instead of instructing the account’s owner to submit an access request.
See the original Native Change Detection announcement for more details.
How do I search for the audits?
Admins can find three distinct audits:
- Create Native Change Detected is audited after the Native Change Account Created trigger fires alongside Account Creation operations.
- Update Native Change Detected is audited after the Native Change Account Updated trigger fires alongside Account Update operations.
- Delete Native Change Detected is audited after the Native Change Account Deleted trigger fires alongside Account Deletion operations.
Use these search queries:
name:"Create Native Change Detected"
name:"Update Native Change Detected"
name:"Delete Native Change Detected"
This assumes you’re using the recommended default configuration to monitor changes to all entitlement attributes for all account operations (Create, Update, and Delete).
What’s Next on the Roadmap?
Admins will be able to get started fast using Workflow templates to:
- Micro-certify entitlements added through native change.
- View native changes as governance events in Access History.
Submit Questions or Feedback
Submit questions or feedback, and we’ll be in touch.