Ensure that the Log Profile created for your Azure cloud activity log is configured to collect logs for all the control & management activity categories, i.e. "Write", "Delete" and "Action" for security and compliance purposes. A Log Profile controls how the activity log is exported and retained within your Microsoft Azure cloud account.
By configuring your account Log Profile to collect logs for "Write", "Delete" and "Action" event categories ensures that all the control and management activities performed on your Azure subscription are exported. These logs can be extremely useful for security and compliance auditing.
Note: When the Azure Log Profile is created using Microsoft Azure Management Console (Azure Portal), by default it is configured to export all activity log event categories. However, when the Log Profile is created using the Azure Command Line Interface (CLI), the user can explicitly choose which of the event categories to export.
To determine if your Azure Log Profile is configured to export logs for all activities, perform the following actions:Note: Verifying Azure Log Profile configuration for event categories to export using Microsoft Azure Management Console is not currently supported.
Remediation / Resolution
To configure your Microsoft Azure Log Profiles to export logs for all activities (i.e. "Write", "Delete" and "Action"), perform the following actions:Note: Configuring Azure Log Profile to export logs for all available activities using Microsoft Azure Management Console is not currently supported.
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
You are auditing:
Activity Log All Activities
Risk level: Medium