- To track user account deletions, log in to your Microsoft Azure portal → Navigate to "Azure Active Directory" → Go to "Users and Groups" → Click "Audit Logs" → Filter the audit log by the "Delete user" activity → Click on the last event with the "Delete user" activity.
- To find out who deleted a user from your Azure AD, refer to the "Actor" section. To find out which accounts were deleted, refer to the "Target" section.
![Native Audit logs for detecting who deleted user account from Azure AD](https://img.netwrix.com/howtos/users_and_groups.png)
- Run Netwrix Auditor → Navigate to "Reports" → Expand the "Azure AD" section → Select "User Accounts Created and Deleted Directly in Azure AD" → Click "View" → Set the "Actions" filter to "Removed only" and click "View Report".
![Netwrix Auditor Report for detecting who deleted user account from Azure AD](https://img.netwrix.com/howtos/detect_who_deleted_user_account_azure_ad_na.png)
- To save the report, click the "Export" button → Choose a format from the dropdown menu → Click "Save".