Ensure that the Log Profile created for your Azure cloud activity log is configured to export activities from all supported regions including global. A Log Profile controls how the activity log is exported and retained within your Microsoft Azure cloud account.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
By configuring your account Log Profile to export the activity logs from all Azure supported regions, the logging data recorded for potentially unexpected activities occurring in otherwise unused regions are stored and made available later for incident response, investigations and internal audit. Including global region in the Azure Log Profile locations ensures all events from the account control & management console are also exported, as many events in the activity log are global events.
To determine if your Log Profile is configured to export activity logs from all Azure regions, perform the following actions:
Remediation / Resolution
Since many events in the Azure activity log are global events it is highly recommended to include all Azure regions (locations) within the Log Profile configuration. To configure your Azure Log Profile to capture activity logs for all supported regions (including global region), perform the following actions:
- Azure Official Documentation
- Overview of Azure Activity log
- Export Azure Activity log to storage or Azure Event Hubs
- CIS Microsoft Azure Foundations
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Activity Log All Regions
Risk level: Medium