Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named User1 is a member of a dynamic group named Group1.
User1 reports that he cannot access documents shared to Group1.
You discover that User1 is no longer a member of Group1.
You suspect that an administrator made a change that caused User1 to be removed from Group1.
You need to identify which administrator made the change.
Which audit log activity should you search in the Security & Compliance admin center?
A. Azure AD group administration activities – Removed member from group
B. User administration activities – Updated user
C. Azure AD group administration activities – Updated group
