skip to Main Content

Is it possible to validate or check who has created/deleted resources apart from the azure resources group Audit log or deployment group?

As per my understanding system will hold an audit log for not more than 3 months.

And what in case someone deletes a resources group.. how to track who has deleted etc.

Appreciate your input/guidance or the best approach to capture such details.

2

Answers


  1. All activities, including de deletion of resource groups, are recorded in the Activity Log. It logs also the caller (username of the user that initiated the operation):

    enter image description here

    As per my understanding system will hold an audit log for not more than 3 months.

    You can setup a continuous export of the Activity Log to for example a storage account or a Log Analytics Workspace. The retention for a Log Analytics Workspace can be set to a maximum of 730 days.

    If you route the logs to a storage account you can have unlimited storage retention.

    Login or Signup to reply.
    • *As far as I know and as per the document, we don’t have any way other than Azure Activity logs to find out the information related to activities done.
    • And as you already know we have 90days of retention time but if you want to get longer retention time you can create diagnostic setting and route to different locations.

    enter image description here

    • Here is the Document which will help you in creating diagnostic settings. *

    enter image description here

    enter image description here

    enter image description here

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search