The Azure Governance Toolbox – Part 4: Auditing
In the introduction to this series, we listed the 4 high-level categories of Azure governance, namely resource organization, resource security, auditing, and cost.
In this part, we will focus on Auditing.
You can break Auditing down into the following sub-categories: Activity Logs, and Alerts. Let’s explore each of these.
Azure Activity Logs
Azure Activity Logs is the audit trail for everything that occurs within an Azure Subscription. It records and provides information on operations that have occurred on your resources (not specifically within your resources, like Diagnostic Logs).
When it comes to auditing, you want to know what happened, when, and by whom. We get all of this information via the Activity Logs.
It ties in nicely with Azure Alerts, since you may want to be notified when a particular type of action is taken against a resource (i.e. someone triggers a Delete command).
However, it is important to note that Azure Activity Logs are only stored/kept for 90 days. If you need to keep these log files for a longer period of time, you will need to Archive the Azure Activity Log in an Azure Storage account, or Collect and Analyze Azure Activity Logs in Log Analytics.
The Monitor Subscription Activity with the Azure Activity Log article is a great place to start.
Azure Alerts
Azure Alerts are not specifically a mechanism of auditing, however, they tie-in since you can leverage them to react to auditing events.
In the example listed previously, you can configure an Alert when the Activity Logs reports that a Virtual Machine has been shutdown (or worse, deleted). Then, as part of your auditing process, those details can be logged within an ITSM system to maintain traceability.
A lot of these components tie into monitoring and management as well, so we won’t go too deep here. However, if you would like a deeper dive, along with some real-world examples, check out my blog series on Azure Monitoring Tools Explained.
Check out the article Create Activity Log Alerts Using the New Alerts Experience to get started.
Now that we’ve covered Auditing, let’s move onto our last high-level category, Cost Controls.