Some previously available Entra features, such as “Sign-in events”, “Risky users”, and “Legacy protocols”, are now available under Reports > Security and are no longer included in the Entra audit report.
The Entra audit report provides visibility into audited Entra activities within the Microsoft 365 tenant. It includes records of operations performed in Entra, with details such as the operation, creation time, User ID, Object ID, and other available audit properties.
By selecting “Columns”, additional available properties can be shown or hidden in the report. The report can also be filtered, exported, saved, or scheduled with the selected configuration. The time interval can be adjusted from the top-right corner of the page.
Entra audit report and Virtual Tenant scope
This report is Virtual Tenant-sensitive. When a Virtual Tenant is applied, record visibility is validated only on the User ID field, which identifies who performed the action. No validation is performed on the Object ID field, which identifies the impacted object.
As a result, audit visibility reflects who performed the action, not which object was impacted. If the user who performed the action belongs to the same Virtual Tenant as the operator viewing the report, the audit record is visible even if the impacted object is outside that operator’s Virtual Tenant scope. Conversely, if the impacted object belongs to the operator’s Virtual Tenant but the user who performed the action is outside that scope, the audit record is not visible.