@rkyttle Thanks for the feedback! We are currently investigating and will update you shortly.

@rkyttle do you have the Azure AD module installed as well?

https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-adv2?view=azureadps-2.0

I do have the Azure AD module installed as well, but I don't see why that would be needed.
It looks like the Get-AzureRmAuthorizationChangeLog was present in Azure RM PowerShell Module 2.2.0, is it possible that it was deprecated?
https://docs.microsoft.com/en-us/powershell/module/azurerm.resources/?view=azurermps-2.2.0

@rkyttle thanks for that. I just did a test and I am also having issues. Seems others are as well.

@rolyon I see you are the author of https://docs.microsoft.com/en-us/azure/role-based-access-control/change-history-report Do you have any idea on this?

Hi @MicahMcKittrick-MSFT - It looks like these commands no longer apply. Let me see what I can find. I sent a message to a person in identity to try to get more info.

@MicahMcKittrick-MSFT @rkyttle - I think you now use the Azure Activity Log in the Administrative category.
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-activity-logs

Thanks @rolyon! @rkyttle can you take a look and let us know if that helps?

I am familiar with Azure Activity Logs, but I don't see a default way to use them to just show a history of access level changes like Get-AzureRMAuthorizationChangeLog claimed to be able to do. If I select the Administrative category, I am seeing different events other than just changes to account access.

@MicahMcKittrick-MSFT @rkyttle - I haven't used Activity Logs, but I think you can export a .csv file and filter. If you are interested in PowerShell or CLI commands, this article might be helpful:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-audit?toc=%2fazure%2fmonitoring-and-diagnostics%2ftoc.json

@rkyttle please go ahead and give that a try.

@rolyon I will assign this to you as we should have the referenced article removed/ updated since it is no longer valid

https://docs.microsoft.com/en-us/azure/role-based-access-control/change-history-report

in-progress

Thank you Micah and Robert. Robert, I did give the CSV export a try but it does not provide the same details that the Get-AzureRMAuthorizationChangeLog cmdlet provided.

Thanks for the feedback. I've made some updates to this article. Hopefully these updates help.
https://docs.microsoft.com/en-us/azure/role-based-access-control/change-history-report

please-close

Hi Robert,

Thanks for the update on the article. I have a question though on the recommendation to use the Administrative category for viewing events using the Azure portal.

The issue I see with this is this filter shows additional events beyond just the role definition and role assignment operations. In my case, I am seeing events for things including activity with my storage accounts, or virtual machine extensions.

I think what is needed is that instead of looking at the entire Administrative category, the query from the Azure portal needs to filter on the Resource type: Role assignment (roleAssignments)

Hi @rkyttle,
Thanks for the feedback. I've created an item in our backlog to add activity log filtering options for RBAC to the article.