Ensure that the Log Profile created for your Azure cloud activity log is configured to collect logs for all the control and management activity categories, i.e. "Write", "Delete" and "Action", for security and compliance purposes. A Log Profile controls how the activity log is exported and retained within your Microsoft Azure cloud account.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Configuring your account Log Profile to collect logs for the "Write", "Delete" and "Action" event categories ensures that all control and management activities performed on your Azure subscriptions are exported. These logs can be extremely useful for security and compliance auditing.
Note: When the Azure Log Profile is created using Microsoft Azure Management Console (Azure Portal), by default it is configured to export all activity log event categories. However, when the Log Profile is created using the Azure Command Line Interface (CLI), the user can explicitly choose which of the event categories to export.
Audit
To determine if your Azure Log Profile is configured to export logs for all the supported activities, perform the following operations:
Note: Checking Azure Log Profile configuration for event categories to export using Microsoft Azure Management Console is not currently supported.
Remediation / Resolution
To configure your Microsoft Azure Log Profile to export logs for all the supported activities (i.e. "Write", "Delete" and "Action"), perform the following operations:
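The following script is an added example and is not part of the Conformity rule page or of the Azure CLI itself. It shows how the Audit and Remediation steps above can be automated: it parses the JSON that `az monitor log-profiles list -o json` prints, reports per Log Profile which of the "Write", "Delete" and "Action" categories are missing, and builds the matching `az monitor log-profiles update` command. The sample CLI output is constructed, and its shape (an array of profiles, each with a `name` and a `categories` list) is an assumption about the CLI's JSON format; the `--set categories=...` syntax of the update command is assumed from the Azure CLI generic update arguments and should be confirmed against the command reference listed under References.

```python
"""Audit Azure Log Profiles for missing activity-log categories.

Added example, not code from the Conformity rule page. It checks the output of
`az monitor log-profiles list -o json` for the "Write", "Delete" and "Action"
categories and builds the remediation command for any non-compliant profile.
"""
import json
import shlex
import subprocess

# The three control/management categories the rule requires.
REQUIRED_CATEGORIES = frozenset({"Write", "Delete", "Action"})

# Constructed sample standing in for `az monitor log-profiles list -o json`.
# Assumption: each profile is an object with a "name" and a "categories" list.
SAMPLE_AZ_OUTPUT = json.dumps([
    {"name": "default", "categories": ["Write", "Delete", "Action"],
     "locations": ["global"]},
    # A profile created via the CLI with only "Write" selected (non-compliant).
    {"name": "cli-created", "categories": ["Write"], "locations": ["global"]},
])


def missing_categories(profiles):
    """Return {profile_name: sorted missing categories} for non-compliant profiles."""
    findings = {}
    for profile in profiles:
        # A missing or null "categories" property means nothing is exported.
        present = set(profile.get("categories") or [])
        missing = REQUIRED_CATEGORIES - present
        if missing:
            findings[profile["name"]] = sorted(missing)
    return findings


def audit(az_json_text):
    """Parse CLI JSON output and return the findings dictionary."""
    profiles = json.loads(az_json_text)
    if not profiles:
        # No Log Profile at all means the activity log is not exported anywhere.
        return {"<no log profile>": sorted(REQUIRED_CATEGORIES)}
    return missing_categories(profiles)


def remediation_command(profile_name):
    """Build the update command that sets all three categories on a profile.

    Assumption: `az monitor log-profiles update` accepts the generic `--set`
    argument with a JSON value; verify against the az command reference.
    """
    categories_json = json.dumps(sorted(REQUIRED_CATEGORIES))
    return ("az monitor log-profiles update --name "
            f"{shlex.quote(profile_name)} --set categories={shlex.quote(categories_json)}")


def fetch_live_profiles():
    """Run the real CLI (needs an authenticated `az` session); not used offline."""
    completed = subprocess.run(
        ["az", "monitor", "log-profiles", "list", "-o", "json"],
        check=True, capture_output=True, text=True)
    return completed.stdout


if __name__ == "__main__":
    # Offline demonstration against the constructed sample output.
    findings = audit(SAMPLE_AZ_OUTPUT)
    if not findings:
        print("All Log Profiles export Write, Delete and Action.")
    for name, missing in findings.items():
        print(f"{name}: missing {', '.join(missing)}")
        print("  remediate with: " + remediation_command(name))
```

Replace `SAMPLE_AZ_OUTPUT` with the return value of `fetch_live_profiles()` to run the check against a real subscription; an empty result from the CLI is reported as a finding because no Log Profile means no activity-log export at all.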
Note: Configuring Azure Log Profile to export logs for all available activities using Microsoft Azure Management Console is not currently supported.
References
- Azure Official Documentation
- Overview of Azure Activity log
- Export Azure Activity log to storage or Azure Event Hubs
- CIS Microsoft Azure Foundations
- Azure Command Line Interface (CLI) Documentation
- az monitor log-profiles
- az monitor log-profiles list
- az monitor log-profiles update