Audit of admin staff activity

Question

I am looking for a way of producing an audit report of all activity by admin staff in the Azure portal. Monitor / Activity Log seems to provide exactly what I am looking for, providing I also 'filter' by doing a search of the log using @keyman .name which filters out all the system (non-human) events. Great, but I need something a bit more automated than that. Ideally, I like to set something up that would produce this automatically on a weekly basis, emailing me a report of all activity over the past week. If that's not possible then a screen in the portal that I can just click into and see the results as a pre-set report. What's the quickest and easiest way to achieve this? Or perhaps this functionality is already built into Azure, but I am looking in the wrong place?

Answer 1

Hi there,

1) Integrate the Activity Logs with Log Analytics workspace (90 days of storing the log activity data in Log Analytics is free).
2) Create a LogicApp that will query data about the activity that you are looking for

An example of this solution is described here https://thomasthornton.cloud/2019/08/30/creating-automated-reports-using-logic-apps-for-log-analytics-queries/

Answer 2

You might also consider using an Azure Monitor alert. There are several built-in alert templates based on Azure Activity logs.

https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-new-alert-rule?tabs=activity-log

There is an Insight's Dashboard as well: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell#activity-log-insights