Azure Resource Read Usage Admin Logs

Sravan Reddy 0 Reputation points
2024-11-08T18:51:58.98+00:00

I am looking to be able to extract Azure console usage via resource reads from users. GCP supports this via data access audit logs that can be enabled https://cloud.google.com/logging/docs/audit/configure-data-access and fetched over API or through pub/sub

I don't see the equivalent levers to pull for Azure - is there a feature gap or am I missing how to extract resource read logs? If this is a feature gap, are there plans to get to parity with GCP?

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,363 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Vinodh247 25,046 Reputation points MVP
    2024-11-10T14:38:31.8866667+00:00

    Azure provides several logging mechanisms to monitor and audit resource access, including read operations, though the approach differs from Google's Data Access Audit Logs.

    Azure Activity Logs: These logs capture control-plane events such as create, update, and delete operations on Azure resources. However, they do not record data-plane read operations.

    Azure Resource Logs: These logs offer insights into operations performed within Azure resources, including data-plane activities. To collect and analyze these logs, you need to configure diagnostic settings for each resource and direct the logs to a destination like a Log Analytics workspace, Event Hub, or Storage account.

    Diagnostic Settings Configuration: By setting up diagnostic settings on your Azure resources, you can capture data-plane operations, including read activities. This process involves selecting the appropriate log categories and directing them to your chosen destination for analysis.

    Accessing Logs via API: Once logs are collected in a Log Analytics workspace, you can query them using the Azure Monitor Logs API. This allows for programmatic access to the logs, enabling integration with other systems or custom analysis.

    Comparison with GCP: While Azure's logging capabilities are robust, they require manual configuration to capture data-plane read operations, unlike GCP's Data Access Audit Logs, which can be enabled more directly. As of now, Azure does not offer a native, unified feature specifically for tracking all data-plane read operations across all services.

    Future Plans: Microsoft continuously enhances Azure's monitoring and logging features. For the most current information on feature updates and planned enhancements, it's advisable to consult the Azure updates page or contact Microsoft support.

    In summary, while Azure can capture resource read operations through resource logs and diagnostic settings, it requires more configuration compared to GCP's approach. Staying informed about Azure's updates will help you leverage new features as they become available.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.