Reputation: 348
I have a requirement for generating an alert, like sending mail to the admin, for users who have a high level of access granted for more than 3 days. I am able to find the user's details like DisplayName, SignInName, RoleDefinitionName with the Get-AzureRmRoleAssignment command, but the problem is: how can I know the timestamp of when this user was assigned this role? Please help me with a PowerShell script to find the timestamp of when the user was assigned this role (for example owner) in Azure.
Upvotes: 0
Views: 437
Reputation: 16468
Use Get-AzureRmLog to get the activity logs for Azure RBAC changes. Please note that the log can only be kept for 90 days.
For example:
```powershell
# Get the role assignment
$ra = Get-AzureRmRoleAssignment -ObjectId 256d1966-019b-479c-a71f-d5a1xxxxxx43
# Find the role assignment id, for example: $ra[1].RoleAssignmentId
$ra[1].RoleAssignmentId
# Get the AzureRm log for the past 10 days, filtered by resource id
$rmlog = Get-AzureRmLog -ResourceProvider Microsoft.Authorization -StartTime (Get-Date).AddDays(-10) | Where-Object { $_.ResourceId -eq $ra[1].RoleAssignmentId }
# Get the SubmissionTimestamp and EventTimestamp, see which one is what you want
$rmlog.SubmissionTimestamp
$rmlog.EventTimestamp
```
Upvotes: 0
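The lookup from the answer above, extended to every assignment of one role so that anything held longer than the question's 3-day limit is listed. This is an added example, not code from the original posts; the `Owner` filter, the variable names and the output columns are assumptions.

```powershell
# Added example: list privileged role assignments older than a threshold.
# Assumed values (not from the answer): role name, variable names, output shape.
$RoleName     = 'Owner'
$MaxAgeDays   = 3       # threshold from the question
$LookbackDays = 10      # same window as the answer; the log is kept 90 days at most

$now   = Get-Date
$since = $now.AddDays(-$LookbackDays)

$assignments = Get-AzureRmRoleAssignment -RoleDefinitionName $RoleName

# One query for all Microsoft.Authorization events in the window.
$events = @(Get-AzureRmLog -ResourceProvider Microsoft.Authorization -StartTime $since)

$stale = foreach ($ra in $assignments) {
    # The assignment id identifies one assignment, so the earliest event
    # logged against it is the write that created it.
    $created = $events |
        Where-Object { $_.ResourceId -eq $ra.RoleAssignmentId } |
        Sort-Object EventTimestamp |
        Select-Object -First 1

    if ($created) {
        $ageDays = ($now.ToUniversalTime() - $created.EventTimestamp.ToUniversalTime()).TotalDays
        if ($ageDays -le $MaxAgeDays) { continue }   # still within the allowed period
        $assignedAt = $created.EventTimestamp
        $assignedBy = $created.Caller
    } else {
        # No event in the window: assigned before $since, or the assignment is
        # inherited from a scope whose events are not in this subscription's log.
        $assignedAt = $null
        $assignedBy = $null
    }

    [pscustomobject]@{
        DisplayName        = $ra.DisplayName
        SignInName         = $ra.SignInName
        RoleDefinitionName = $ra.RoleDefinitionName
        Scope              = $ra.Scope
        AssignedAt         = $assignedAt   # empty means "before the lookback window"
        AssignedBy         = $assignedBy
    }
}

$stale | Format-Table -AutoSize
```

Rows with an empty `AssignedAt` are reported rather than skipped, because an assignment with no creation event in the window is at least as old as the window itself. `$stale` can be passed to whatever sends the admin alert.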