Is it possible to validate or check who has created/deleted resources, apart from the Azure resource group audit log or deployment group?
As per my understanding, the system will hold an audit log for not more than 3 months.
And what if someone deletes a resource group? How can we track who deleted it, etc.?
Appreciate your input/guidance or the best approach to capture such details.
2 Answers
All activities, including the deletion of resource groups, are recorded in the Activity Log. It also logs the caller (username of the user that initiated the operation).
You can set up a continuous export of the Activity Log to, for example, a storage account or a Log Analytics Workspace. The retention for a Log Analytics Workspace can be set to a maximum of 730 days.
If you route the logs to a storage account you can have unlimited storage retention.
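An added example, not part of the answers above: once the Activity Log is exported to a storage account, the retained records can be searched offline for resource group deletions and their callers. The record field names (`time`, `operationName`, `resultType`, `resourceId`, `callerIpAddress`, `identity.claims`), the optional top-level `caller` field and the sample data are assumptions constructed for illustration; check them against your own exported blobs.

```python
import json

UPN = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
RG_DELETE = "microsoft.resources/subscriptions/resourcegroups/delete"
SUB = "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000"  # placeholder subscription

def _rec(time, op, result, rid, claims, ip):
    # Field names are assumptions about the exported record layout.
    return {"time": time, "operationName": op, "resultType": result,
            "resourceId": rid, "callerIpAddress": ip, "identity": {"claims": claims}}

# Constructed sample export, one JSON record per line (not real log data).
SAMPLE_EXPORT = "\n".join(json.dumps(r) for r in [
    _rec("2024-05-02T09:14:58Z", RG_DELETE.upper(), "Start",
         SUB + "/RESOURCEGROUPS/RG-DEMO", {UPN: "alice@example.com"}, "203.0.113.10"),
    _rec("2024-05-02T09:15:41Z", RG_DELETE.upper(), "Success",
         SUB + "/RESOURCEGROUPS/RG-DEMO", {UPN: "alice@example.com"}, "203.0.113.10"),
    _rec("2024-05-02T10:02:07Z", "MICROSOFT.STORAGE/STORAGEACCOUNTS/WRITE", "Success",
         SUB + "/RESOURCEGROUPS/RG-APP/PROVIDERS/MICROSOFT.STORAGE/STORAGEACCOUNTS/STDEMO",
         {UPN: "bob@example.com"}, "198.51.100.7"),
    _rec("2024-05-03T22:40:12Z", RG_DELETE.upper(), "Success",
         SUB + "/RESOURCEGROUPS/RG-TEST", {"appid": "11111111-1111-1111-1111-111111111111"},
         "198.51.100.23"),
])

def caller_of(record):
    """Best available initiator: caller field, user UPN, then service principal app id."""
    claims = (record.get("identity") or {}).get("claims") or {}
    return record.get("caller") or claims.get(UPN) or claims.get("appid") or "unknown"

def iter_records(text):
    """Yield records from JSON-lines text or from a {"records": [...]} wrapper."""
    for line in filter(None, (l.strip() for l in text.splitlines())):
        obj = json.loads(line)
        yield from obj.get("records", [obj])

def resource_group_deletions(text):
    """Completed resource group deletions, oldest first (Start events are skipped)."""
    hits = []
    for rec in iter_records(text):
        if rec.get("operationName", "").lower() != RG_DELETE:
            continue
        if rec.get("resultType", "").lower() not in ("success", "succeeded"):
            continue
        group = rec.get("resourceId", "").rstrip("/").split("/")[-1]
        hits.append({"time": rec.get("time"), "resource_group": group,
                     "caller": caller_of(rec), "ip": rec.get("callerIpAddress")})
    return sorted(hits, key=lambda h: h["time"] or "")
```
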