Welcome to the Microsoft Q&A Platform and thank you for your question!
Based on your descriptions, I would like to share a few steps that may help resolve the issue you are encountering.
- Monitoring Elevation to User Access Administrator
1. Use Microsoft Entra Audit Logs
These logs capture when a user elevates privileges to the User Access Administrator role and when that access is removed. You can view this in the Microsoft Entra admin center or route logs to Azure Monitor for long-term retention.
2. View Audit History in PIM
Go to: Microsoft Entra Admin Center → ID Governance → Privileged Identity Management → Microsoft Entra roles
Select Resource audit to see all activity associated with elevated roles.
Use My audit to view your own elevation history.
3. Use Microsoft Sentinel for Advanced Monitoring
Sentinel can ingest Microsoft Entra audit logs and alert on elevation events. This is useful for real-time monitoring and compliance.
- Using Microsoft Entra PIM for User Access Administrator Role
1. Enable PIM
Navigate to: Microsoft Entra Admin Center → Identity Governance → Privileged Identity Management
Enable PIM for Microsoft Entra roles.
2. Assign Role as Eligible
Assign the User Access Administrator role as eligible, not permanent. This ensures users must activate the role when needed, reducing standing privileges.
3. Configure Activation Settings
You can enforce Multi-Factor Authentication (MFA), Approval workflows, Justification prompts and Time-bound access.
4. Audit and Access Reviews
Use access reviews to validate ongoing need for the role. You can assign reviewers and automate removal of unnecessary access.
5. Power Platform Considerations
If you're working in environments like Dynamics 365 or Power Platform, elevation to System Administrator via PIM is required for certain tasks. Microsoft removes the elevated role automatically when the PIM assignment expires.
Please let me know how it goes. Wishing you a successful resolution and a great day!
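The audit-log monitoring described in the answer above can be turned into a check that pairs each elevation with its removal and reports access held too long or never removed. This is an added example, not part of the original answer: the field names follow the Microsoft Graph directoryAudit shape, while the two activity strings, the one-hour threshold and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed activity names: confirm the exact strings in your own tenant's audit log.
ELEVATE = "User has elevated their access to User Access Administrator for their Azure Resources"
REMOVE = "The role assignment of User Access Administrator has been removed from the user"

def rec(ts, activity, upn):
    """Build a constructed record shaped like a Microsoft Graph directoryAudit entry."""
    return {"activityDateTime": ts, "activityDisplayName": activity,
            "initiatedBy": {"user": {"userPrincipalName": upn}}}

# Constructed sample data, not real log output.
SAMPLE = [
    rec("2024-05-01T09:00:00Z", ELEVATE, "alice@example.com"),
    rec("2024-05-01T09:05:00Z", ELEVATE, "bob@example.com"),
    rec("2024-05-01T09:20:00Z", REMOVE, "alice@example.com"),
    rec("2024-05-01T10:00:00Z", ELEVATE, "carol@example.com"),
    rec("2024-05-01T11:00:00Z", "Update user", "alice@example.com"),
    rec("2024-05-01T13:05:00Z", REMOVE, "bob@example.com"),
]

def parse(ts):
    """Parse an ISO 8601 UTC timestamp with a trailing Z."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def long_elevations(records, now, max_age=timedelta(hours=1)):
    """Return (upn, elevated_at, removed_at) for elevations held longer than max_age.

    removed_at is None when no removal was logged. Assumes the removal is
    logged with the elevated user as initiator.
    """
    pending, findings = {}, []
    for r in sorted(records, key=lambda r: parse(r["activityDateTime"])):
        upn = ((r.get("initiatedBy") or {}).get("user") or {}).get("userPrincipalName")
        if not upn:
            continue  # app-initiated or malformed entry
        ts, activity = parse(r["activityDateTime"]), r.get("activityDisplayName")
        if activity == ELEVATE:
            pending.setdefault(upn, ts)  # keep the earliest open elevation
        elif activity == REMOVE and upn in pending:
            start = pending.pop(upn)
            if ts - start > max_age:
                findings.append((upn, start, ts))
    findings += [(u, s, None) for u, s in pending.items() if now - s > max_age]
    return findings

if __name__ == "__main__":
    for upn, start, end in long_elevations(SAMPLE, parse("2024-05-01T18:00:00Z")):
        print(upn, start.isoformat(), end.isoformat() if end else "STILL ELEVATED")
```
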