Audit of admin staff activity

ChrisS 1 Reputation point
2022-10-25T14:34:47.507+00:00

I am looking for a way of producing an audit report of all activity by admin staff in the Azure portal. Monitor / Activity Log seems to provide exactly what I am looking for, providing I also 'filter' by doing a search of the log using @keyman .name which filters out all the system (non-human) events. Great, but I need something a bit more automated than that. Ideally, I like to set something up that would produce this automatically on a weekly basis, emailing me a report of all activity over the past week. If that's not possible then a screen in the portal that I can just click into and see the results as a pre-set report. What's the quickest and easiest way to achieve this? Or perhaps this functionality is already built into Azure, but I am looking in the wrong place?

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,933 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Maxim Sergeev 6,566 Reputation points Microsoft Employee
    2022-10-26T17:59:34.207+00:00

    Hi there,

    1) Integrate the Activity Logs with Log Analytics workspace (90 days of storing the log activity data in Log Analytics is free).
    2) Create a LogicApp that will query data about the activity that you are looking for

    An example of this solution is described here https://thomasthornton.cloud/2019/08/30/creating-automated-reports-using-logic-apps-for-log-analytics-queries/

    0 comments No comments

  2. Andrew Blumhardt 9,676 Reputation points Microsoft Employee
    2022-10-26T18:06:07.42+00:00

    You might also consider using an Azure Monitor alert. There are several built-in alert templates based on Azure Activity logs.

    https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-new-alert-rule?tabs=activity-log

    There is an Insight's Dashboard as well: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell#activity-log-insights