Ensure that an Azure activity log alert is used to detect "Delete Policy Assignment" events within your Microsoft Azure cloud account. Activity log alerts get activated when a new activity log event that matches the condition specified in the alert occurs. In this case, the condition used is 'Whenever the Policy Activity Log "Delete policy assignment (policyAssignments)" has "any" level, with "any" status and event is initiated by "any"'.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Monitoring your Azure cloud account for "Delete Policy Assignment" events can provide insights into the changes done within the "Policy Assignment" policy and can help reduce the time it takes to detect unsolicited changes.
To determine if there is an activity log alert created for "Delete Policy Assignment" events within your Azure cloud account, perform the following actions:
Remediation / Resolution
To create a Microsoft Azure activity log alert for detecting "Delete Policy Assignment" events within your Azure cloud account, perform the following actions:
- Azure Official Documentation
- Create, view, and manage activity log alerts by using Azure Monitor
- Alert processing rules (preview)
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Create Alert for "Delete Policy Assignment" Events
Risk level: High