To collect detailed information on resource operations, ensure that Diagnostic Logs are enabled for your Azure Machine Learning (ML) workspaces. Diagnostic Logs provide detailed insights into operations, helps identify and resolve issues quickly, ensures compliance with governance policies, and supports auditing and analysis of resource usage and performance.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
excellence
optimisation
efficiency
By default, Diagnostic Logs are not enabled for your Azure Machine Learning (ML) workspaces. Without Diagnostic Logs, the visibility into your Azure data plane is greatly reduced. This diminishes your organization's ability to detect potential attacks, unauthorized requests, or other malicious activity. For example, without Diagnostic Logs, it would be difficult to tell which entities had accessed a breached data store. In addition, alerts for failed attempts to access APIs for Azure database services are only possible when diagnostic logging is enabled. Once collected, Diagnostic Logs should be sent to a storage account and a Log Analytics Workspace or an equivalent third-party system. The log files should be kept in readily accessible storage for at least one year, and then moved to inexpensive cold storage for a longer duration (for security and compliance auditing).
Audit
To determine if Diagnostic Logs are enabled for your Azure Machine Learning workspaces, perform the following actions:
Remediation / Resolution
To enable and configure Diagnostic Logs for your Azure Machine Learning (ML) workspaces, perform the following operations:
References
- Azure Official Documentation
- Monitor Azure Machine Learning
- Diagnostic settings in Azure Monitor
- Manage Azure Machine Learning workspaces using Azure CLI
- Supported metrics with Azure Monitor
- Manage Azure Machine Learning workspaces in the portal or with the Python SDK (v2)
- Azure Command Line Interface (CLI) Documentation
- az ml workspace list
- az monitor diagnostic-settings list
- az monitor diagnostic-settings show
- az monitor diagnostic-settings create
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Enable Diagnostic Logs for Machine Learning Workspaces
Risk Level: Medium