Azure Files Auditing and Modification Tracking

Question

Hey Support

I am seeking a solution that can effectively monitor file operations within Azure files. Specifically, we require a solution that can track the following changes made within the file share for internal auditing purposes.

• File Creates, Deletes, and Modifications - needs to record these actions along with the corresponding date and time stamps.
• Captures the user IDs associated with each file operation to ensure accountability.
• Ability to trace files within a folder hierarchy is essential. This will allow us to determine the parent project folder to which each file relates for reporting.
• Modification Tracking - In cases of file modifications by users, the solution should detail what changes were made to the file content.

After conducting some research, I have identified the following:

• Azure Storage Logs: By using log analytics, operations such as creates, deletes, and updates are logged. However, this does not capture detailed content changes.
• VM Change Tracking: This would necessitate mounting an SMB share. However, I do not believe it would effectively track changes made at the SMB-level file share.
• Azure Purview: It seems that this may not align with our requirements, as it is more focused on data protection rather than active auditing of file modifications. However happy to understand otherwise.

Are there any third-party vendors that might be suitable for our needs? While we prefer to utilize native Azure products, solution needs to address the points mentioned above for external auditing. So far, I have identified the following options: Adaudit Plus, Tripwire FIM, and Netwrix.

We would appreciate any recommendations or insights on tools or services that can meet these requirements. Thank you :)

Answer 1

Hi Daniel Greenwood,

Azure Purview is primarily designed for data governance and compliance, offering a range of features to help organizations manage and protect their data. While it might not provide the detailed file-level change tracking you're looking for, it does offer several capabilities that could be beneficial for your needs,

Key Features of Azure Purview

Data Discovery and Classification:

• Azure Purview can scan and classify data across your Azure environment, including Azure Files. This helps in identifying sensitive information and ensuring it is properly protected.

Data Lineage:

• It provides data lineage capabilities, allowing you to track the flow of data across various systems. This can help in understanding how data is being used and transformed within your organization.

Compliance and Risk Management:

• Purview offers tools for compliance management, helping you adhere to regulatory requirements. It includes features like data classification, sensitivity labels, and compliance reporting.

Unified Data Governance:

• It provides a unified view of your data estate, enabling better governance and management of data assets. This can help in ensuring that data is used responsibly and in compliance with policies.

Azure Purview Can Help Protect Azure Files, by classifying data and applying sensitivity labels, you can ensure that sensitive information within Azure Files is properly protected, and access is controlled.

Purview's compliance reporting tools can help you demonstrate compliance with regulatory requirements, which can be useful for external audits, Understanding data lineage can help you trace the origin and flow of data, providing insights into how data is being used and ensuring accountability.

While Azure Purview might not fully meet your need for detailed file-level change tracking, it can complement other solutions by providing robust data governance and compliance capabilities

---

Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.           

If you have any other questions or are still running into more issues, let me know in the "comments" and I would be happy to help you.