You have a Microsoft 365 subscription and are responsible for delegating access to your users.
In your subscription you have a resource group called RG-Development, on which all developers in your company have RBAC Contributor rights.
A developer sends you a mail stating that he no longer has access to create any services in the resource group.
You verify that he now only has Reader rights.
You need to investigate who changed the access level.
Where should you look?
A. B. C. D.
Correct Answer: D
You can view any changes made to the access control in the Activity log for the selected resource group, in this case RG-Development, for the past 90 days.
Option A is incorrect.
The Azure AD sign-in view lets you dig into details about how your users are signing in to Azure and Office 365.
Option B is incorrect.
The access control - Check access view lets you view the current access levels on the resource, but not changes that have been previously made.
Option C is incorrect.
Resource tags let you logically organize your resources into a taxonomy.
To know more about using the activity log, please refer to the link below:
To investigate who changed the access level for the developer in the RG-Development resource group, you need to look in the Azure Portal's Activity log.
Option D - In the resource group blade - Activity log is the correct answer. The Activity log provides a record of all operations that were performed on the resources within the subscription, including any changes made to RBAC roles.
To access the Activity log, follow these steps:
The Activity log blade will display a list of all the events that have occurred within the subscription, including the details of any changes made to the RBAC roles. You can filter the activity log to show only events related to the RG-Development resource group and the relevant time period.
Once you have identified the event that resulted in the developer's access being changed to Reader, you can determine who performed the operation by reviewing the "Initiated by" field in the activity log.
In conclusion, to investigate who changed the access level for a user in a resource group, you should look in the Azure Portal's Activity log.
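The filtering described above can also be run over exported Activity log records. The following is an added example, not part of the original page: it assumes records shaped like the JSON returned by `az monitor activity-log list`, where `caller` corresponds to the portal's "Initiated by" field, and all sample events and account names are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample records (not real log data), using the field names of
# `az monitor activity-log list` output.
SAMPLE_EVENTS = json.loads("""[
 {"eventTimestamp": "2024-05-02T09:14:07Z", "caller": "admin2@contoso.example",
  "resourceGroupName": "RG-Development", "status": {"value": "Started"},
  "operationName": {"value": "Microsoft.Authorization/roleAssignments/delete"}},
 {"eventTimestamp": "2024-05-02T09:14:08Z", "caller": "admin2@contoso.example",
  "resourceGroupName": "RG-Development", "status": {"value": "Succeeded"},
  "operationName": {"value": "Microsoft.Authorization/roleAssignments/delete"}},
 {"eventTimestamp": "2024-05-02T09:14:30Z", "caller": "admin2@contoso.example",
  "resourceGroupName": "RG-Development", "status": {"value": "Succeeded"},
  "operationName": {"value": "Microsoft.Authorization/roleAssignments/write"}},
 {"eventTimestamp": "2024-05-03T11:00:00Z", "caller": "dev1@contoso.example",
  "resourceGroupName": "RG-Development", "status": {"value": "Succeeded"},
  "operationName": {"value": "Microsoft.Storage/storageAccounts/write"}},
 {"eventTimestamp": "2024-05-01T08:00:00Z", "caller": "admin1@contoso.example",
  "resourceGroupName": "RG-Production", "status": {"value": "Succeeded"},
  "operationName": {"value": "Microsoft.Authorization/roleAssignments/write"}},
 {"eventTimestamp": "2023-12-01T08:00:00Z", "caller": "admin1@contoso.example",
  "resourceGroupName": "rg-development", "status": {"value": "Succeeded"},
  "operationName": {"value": "Microsoft.Authorization/roleAssignments/write"}}
]""")

# Role assignments are created with .../write and removed with .../delete.
RBAC_OPS = {"microsoft.authorization/roleassignments/write",
            "microsoft.authorization/roleassignments/delete"}

def rbac_changes(events, resource_group, now, days=90):
    """Return sorted (time, action, caller) for completed RBAC changes."""
    cutoff = now - timedelta(days=days)  # the 90-day window the page mentions
    hits = []
    for e in events:
        op = e.get("operationName", {}).get("value", "")
        when = datetime.fromisoformat(e["eventTimestamp"].replace("Z", "+00:00"))
        if (op.lower() in RBAC_OPS
                # resource group names are case-insensitive in Azure
                and e.get("resourceGroupName", "").lower() == resource_group.lower()
                # skip the "Started" record that precedes each completed change
                and e.get("status", {}).get("value") == "Succeeded"
                and when >= cutoff):
            hits.append((when, op.rsplit("/", 1)[-1], e.get("caller", "unknown")))
    return sorted(hits)

if __name__ == "__main__":
    now = datetime(2024, 5, 10, tzinfo=timezone.utc)  # constructed "today"
    for when, action, caller in rbac_changes(SAMPLE_EVENTS, "RG-Development", now):
        print(when.isoformat(), action, caller)
```

A role change such as Contributor to Reader typically shows up as a delete of the old assignment followed by a write of the new one, so both operations are matched.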