Best practice rules for Monitor
- Activity Log All Activities
Ensure that the audit profile captures all activities.
- Activity Log All Regions (Deprecated)
Ensure that Azure Log Profile is configured to capture activity logs for all regions.
- Activity Log Retention (Deprecated)
Ensure that the Azure activity log retention period is set to 365 days or greater.
- Activity Log Storage Encryption with Customer-Managed Key
Use Customer-Managed Keys (CMKs) for Azure activity log storage container encryption.
- Azure Activity Log Profile in Use (Deprecated)
Ensure that a Log Profile exists for each subscription available in your Azure account.
- Check for Publicly Accessible Activity Log Storage Container
Ensure that the Azure storage container storing the activity logs isn't publicly accessible.
- Configure Application Insights
Ensure that an Application Insights resource is created within your Azure cloud account.
- Configure Diagnostic Setting Categories
Ensure that the diagnostic settings are configured to capture the appropriate categories.
- Enable Diagnostic Logs for the Supported Resources
Ensure that Diagnostic Logs are enabled for the supported Azure cloud resources.
- Enable Exporting Activity Logs for Azure Cloud Resources
Ensure that exporting activity logs is enabled for each cloud resource within a subscription.
- Enable Subscription Activity Log Diagnostic Settings
Ensure that Azure Monitor Activity Logs for subscriptions are exported via diagnostic settings.