Who deleted the Collection? Who Modified the Collection? Who Deployed the application? SCCM Audit Reports?
The SCCM Audit Status messages will help you get answers for most of the accidental issues that happen in the SCCM environment. In this video, we will see how to trace who deleted or modified, or changed SCCM Settings.
SCCM Audit Status Messages Track Who Deleted Modified Changed Settings
How to Trace SCCM Deletions
- Who deleted the SCCM collection?
- SCCM Audit Reports Who Initiated CMPivot Query | ConfigMgr
- Who Deleted ConfigMgr Task Sequence | Modified |Created | SCCM
- Who Deleted the packages?
- Who Created the application?
- Who Modified the Collections?
- Who created/deleted Azure Services?Â
- Who Approved the Script?
- Who started the download of updates and Servicing package?
- Who deleted the collection? Who removed the member of a collection? Who modified the collection query?
- Who deployed/deleted the application or package or Task Sequence?
- Who removed/modified the Boundary or Boundary Group?
- Who installed/deleted site system server roles?
- Who changed/deleted the client settings?
- Who took the remote control of the machine?
SCCM Audit Status messages
The above video tutorial will provide more details about the details audit messages. How many default audit reports are available in SCCM? How many SCCM audit status messages are stored in SCCM etc.

Report name Description ( SCCM audit ) Administration activity log – Displays a record of administrative changes made for administrative users, security roles, security scopes, and collections.
Administrative user’s security assignments Display administrative users, their associated security roles, and the security scopes associated with each security role for each user.
Objects secured by a single security scope Displays objects that an administrator assigned to only the specified security scope. This report does not display objects that an administrator associates with more than one security scope.
Security for a specific or multiple Configuration Manager objects Displays securable objects, the security scopes associated with the objects, and which administrative users have rights to the objects. SCCM audit reports.
Security roles summary Displays security roles and the Configuration Manager administrators associated with each role.
SCCM audit: Security scopes summary Displays security scopes and the Configuration Manager administrative users and security groups associated with each scope.
Resources
Latest SCCM Related Posts – https://howtomanagedevices.com/sccm/