As your organization's administrator, you can use the Context-Aware Access audit log to troubleshoot when a user is denied access to an app. Entries usually appear within an hour of when the user’s access is denied.
From the Admin console Home page, go to Reports.
- On the left, click Audit Context-Aware Access.
(Optional) To customize what you review, on the right, click Manage columns , select the columns that you want to see or hide, and click Save.
Review ways to filter and export log data and create alerts.
Data you can view
|Event description||The action that was logged, such as a user being denied access to an app.|
|Device ID||Device ID as shown in Device Management > Endpoint verification|
|Application||App the user was denied access to.|
|Access Level Applied||Access levels that are assigned to the app the user tried to access.|
|IP address||IP address of the user.|
|Date||Date and time of the event (displayed in your browser's default time zone).|
For more information, go to Context-aware access.
When and how long is data available?
Go to Data retention and lag times.