Hello @Prabhusai Kotha (Ernst & Young LLP)
This is a bit of a multi-layered answer.
- **Before the data is ingested into Azure Log Analytics / Application Insights** - Anyone who can modify the code prior to ingestion via the Application Insights SDK
- Once inside Application Insights (Classic Model) - Anyone with the permissions to run the Application Insights Purge API can delete the data (not modify).
- Once inside Application Insights (Workspace Model) - Anyone with the permissions to run the Workspace Purge API can delete the data (not modify).
Both the Application Insights and Workspace purge APIs require the Data Purger role to be able to execute this. Having the owner role is not sufficient. Data is not immediately removed, but done within our SLAs:
While most purge operations complete much quicker, the formal SLA for the completion of purge operations is set at 30 days due to their heavy impact on the data platform. This SLA meets GDPR requirements. It's an automated process, so there's no way to expedite the operation.
https://learn.microsoft.com/en-us/azure/azure-monitor/logs/personal-data-mgmt
The key thing to understand is that Application Insights (Classic) and Application Insights (Workspace) use Log Analytics and are read-only databases. Once data is ingested, you cannot modify the data in any way. The only thing you can do to the data is purge it, either via its set retention periods, or by using the purge API, which is not granted by default for any role.
I hope this helps provide you with the information you need. If it does, please make sure to mark the question as answered so it helps other people in future.
Kind regards
Alistair