As your organization's administrator, you can use the Context-Aware Access audit log to troubleshoot when a user is denied access to an app. Entries usually appear within an hour of when the user’s access is denied.
For more information, go to Context-Aware Access overview.
From the Admin console Home page, go to Reports.
- On the left, under Audit log, click Context-Aware Access.
(Optional) To customize what data you see, on the right, click Manage columns . Select the columns that you want to see or hideclick Save.
(Optional) Review ways to filter and export log data and create alerts.
Data you can view
The Context-aware access audit log provides the following information:
|Event name||The action that was logged, such as a user being denied access to an app|
|User||User who triggered the logged action|
|IP address||IP address of the user|
|Application||App the user was denied access to|
|Device ID||Device ID as shown in Device ManagementEndpoint verification|
|Access level applied||Access levels that are assigned to the app the user tried to access|
|Date||Date and time of the event (displayed in your browser's default time zone)|
At Add a filter, select an Event name to filter data for that event. The audit log shows entries for each time the particular event occurred during the time range that you set. Event names are self-explanatory.
When and how long is data available?
Go to Data retention and lag times.