I have a requirement to audit all changes to the access policies of Azure Key Vaults. I see that an event is written to the Activity Log of the AKV, but I only see who initiated the change (Caller). The Activity Log does not tell me what level of access has been provided to the AKV.
In order to view what level of access has been provided/removed from your AKV, you can select the Operation name from your Activity Logs -> Change History -> Select properties.accessPolicies
[Screenshot: AKV Activity Log]

Once on the "Changed Properties" screen, you can select your desired property to see the old value and new value correlating to an ObjectID (user, group, service principal).

[Screenshot: Old Value/New Value]
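To turn the old and new values of properties.accessPolicies into an audit record per ObjectID, the two values can be diffed. The following is an added example, not part of the original answer; it assumes both values were copied from Change History as JSON arrays in the access policy shape (objectId plus permissions for keys, secrets, certificates and storage), and all IDs in it are constructed.

```python
import json

# Permission categories in a Key Vault access policy entry.
CATEGORIES = ("keys", "secrets", "certificates", "storage")

def _index(policies_json):
    """Map objectId -> {category: set(permissions)}, lowercased for comparison."""
    index = {}
    for entry in json.loads(policies_json or "[]"):
        perms = entry.get("permissions") or {}
        by_cat = index.setdefault(entry["objectId"].lower(), {c: set() for c in CATEGORIES})
        for cat in CATEGORIES:
            by_cat[cat] |= {p.lower() for p in perms.get(cat) or []}
    return index

def diff_access_policies(old_json, new_json):
    """Return {objectId: {status, granted, revoked}} for every principal that changed."""
    old, new = _index(old_json), _index(new_json)
    empty = {c: set() for c in CATEGORIES}
    report = {}
    for oid in sorted(old.keys() | new.keys()):
        before, after = old.get(oid, empty), new.get(oid, empty)
        granted = {c: sorted(after[c] - before[c]) for c in CATEGORIES if after[c] - before[c]}
        revoked = {c: sorted(before[c] - after[c]) for c in CATEGORIES if before[c] - after[c]}
        if oid not in old:
            status = "added"
        elif oid not in new:
            status = "removed"
        elif granted or revoked:
            status = "modified"
        else:
            continue  # principal present on both sides with identical permissions
        report[oid] = {"status": status, "granted": granted, "revoked": revoked}
    return report

# Constructed sample values (placeholder GUIDs, not taken from a real vault).
T = "00000000-0000-0000-0000-000000000000"
A, B, C = ("%s-1111-1111-1111-111111111111" % (d * 8) for d in "123")
OLD_VALUE = json.dumps([
    {"tenantId": T, "objectId": A, "permissions": {"secrets": ["get", "list"]}},
    {"tenantId": T, "objectId": B, "permissions": {"keys": ["get"], "secrets": ["get"]}},
])
NEW_VALUE = json.dumps([
    {"tenantId": T, "objectId": A, "permissions": {"keys": ["get"], "secrets": ["Get", "List", "Set", "Delete"]}},
    {"tenantId": T, "objectId": C, "permissions": {"certificates": ["get"]}},
])

if __name__ == "__main__":
    for oid, change in diff_access_policies(OLD_VALUE, NEW_VALUE).items():
        print(oid, change["status"], "granted:", change["granted"], "revoked:", change["revoked"])
```

Permission names are compared case-insensitively, so a change in casing alone between the old and new value is not reported as a grant or revocation.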