Tag: Get-MgAuditLogDirectoryAudit

A banner posted in the Entra admin center informs administrators that Entra ID governance features used by guest accounts incur charges from June 2025. This only affects Microsoft 365 tenants that use ID governance for features like inactive guest access reviews, but unexpected charges might come as a surprise. This article explains a PowerShell script to find chargeable events in audit logs and how to calculate likely charges.

Audit logs hold lots of information, including records for when Azure AD consent permission grants happen. Checking the audit data can detect illicit grants. Records are in the Azure AD audit log and are also ingested into the Office 365 (unified) audit log, so there’s two places to check. The audit data is interesting and could help administrators work out if a permission grant is illicit. But only if checks are made and people review the reports.