Security Center access depends on permissions. Some users may view logs, while only settings administrators can generate or export access review material.
Security Center tabs
| Tab | Use it for |
|---|---|
| Events | Search authentication, access, policy, recovery, and admin activity. |
| Alerts | Review elevated-risk or anomaly activity surfaced by Sofie. |
| Access Reviews | Generate and inspect snapshots for privileged access and policy gaps. |
| Recovery | Review passkey recovery, removal, restore, and deletion-related activity. |
Review events
Use Events when you need to search activity. Filters may include:
- Search text.
- Actor.
- Subject.
- Date range.
- Category.
- Risk level.
- Auth.
- Access.
- Policy.
- Recovery.
- Data recovery.
- Admin.
Review alerts
Use Alerts for activity that deserves focused inspection. When reviewing an alert:
- Check when it happened.
- Check actor and subject.
- Check risk level.
- Open any available action link.
- Dismiss only after you understand why it appeared.
- Escalate according to your organization’s process when needed.
Generate access review snapshots
Access review snapshots can help capture a point-in-time view of privileged access, overrides, pending invites, and passkey policy gaps.
Review recovery activity
Use Recovery when you need to inspect:
- Passkey recovery.
- Passkey removal.
- Account recovery steps.
- Restores.
- Workspace deletion-related activity.
Security review checklist
Use this checklist during regular review:
- Privileged users still need elevated access.
- Privileged users meet passkey policy.
- Stale accounts are addressed.
- Pending invitations are still valid.
- Recent high-risk alerts are explained.
- Recovery events match expected support activity.
- Integration administration changes were expected.
- Access review snapshots are stored according to your process.