Who can delete/modify the logs stored in Application Insights

Prabhusai Kotha (Ernst & Young LLP) 21 Reputation points Microsoft Vendor
2022-11-28T07:26:59.52+00:00

Please refer us to the Microsoft documentation that speaks about the access restrictions to the logs stored in App Insights (e.g., who can delete/modify the logs in App Insights).

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.

Accepted answer
  1. Alistair Ross 7,106 Reputation points Microsoft Employee
    2022-11-28T12:55:03.17+00:00

    Hello @Prabhusai Kotha (Ernst & Young LLP)

    This is a bit of a multi-layered answer.

    1. **Before the data is ingested into Azure Log Analytics / Application Insights** - Anyone who can modify the code prior to ingestion via the Application Insights SDK
    2. Once inside Application Insights (Classic Model) - Anyone with the permissions to run the Application Insights Purge API can delete the data (not modify).
    3. Once inside Application Insights (Workspace Model) - Anyone with the permissions to run the Workspace Purge API can delete the data (not modify).

    Both the Application Insights and Workspace purge APIs require the Data Purger role to be able to execute this. Having the Owner role is not sufficient. Data is not immediately removed, but is removed within our SLAs:

    While most purge operations complete much quicker, the formal SLA for the completion of purge operations is set at 30 days due to their heavy impact on the data platform. This SLA meets GDPR requirements. It's an automated process, so there's no way to expedite the operation.

    https://learn.microsoft.com/en-us/azure/azure-monitor/logs/personal-data-mgmt

    The key thing to understand is that Application Insights (Classic) and Application Insights (Workspace) use Log Analytics and are read-only databases. Once data is ingested, you cannot modify the data in any way. The only thing you can do to the data is purge it, either via its set retention periods, or by using the purge API, which is not granted by default for any role.

    I hope this helps provide you with the information you need. If it does, please make sure to mark the question as answered so it helps other people in future.

    Kind regards

    Alistair

    1 person found this answer helpful.
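
An added example, not part of the original answer or Microsoft's code: one way to audit the point above by listing who holds the Data Purger role and which Activity Log events are purge calls. It assumes JSON exported from `az role assignment list` and `az monitor activity-log list`; the sample records, principal ids and resource names are constructed.

```python
# Constructed sample data; field names follow the `az role assignment list` and
# `az monitor activity-log list` JSON output. Custom roles are not inspected.
PURGE_ROLE = "Data Purger"  # built-in role named in the answer
PURGE_OPERATIONS = {
    "microsoft.insights/components/purge/action",             # Application Insights
    "microsoft.operationalinsights/workspaces/purge/action",  # Log Analytics workspace
}
RG = "/subscriptions/SUB/resourceGroups/rg-logs"  # placeholder scope
SAMPLE_ASSIGNMENTS = [
    {"principalName": "alice@contoso.example", "principalId": "id-1",
     "principalType": "User", "roleDefinitionName": "Owner", "scope": "/subscriptions/SUB"},
    {"principalName": "", "principalId": "id-2",
     "principalType": "ServicePrincipal", "roleDefinitionName": "Data Purger", "scope": RG},
]
SAMPLE_EVENTS = [
    {"eventTimestamp": "2022-11-28T10:05:00Z", "caller": "id-2",
     "operationName": {"value": "Microsoft.OperationalInsights/workspaces/purge/action"},
     "status": {"value": "Started"},
     "resourceId": RG + "/providers/Microsoft.OperationalInsights/workspaces/ws1"},
    {"eventTimestamp": "2022-11-28T10:06:00Z", "caller": "alice@contoso.example",
     "operationName": {"value": "Microsoft.Insights/components/write"},
     "status": {"value": "Succeeded"},
     "resourceId": RG + "/providers/Microsoft.Insights/components/app1"},
    # Some exports flatten operationName/status to plain strings; handle both shapes.
    {"eventTimestamp": "2022-11-28T09:00:00Z", "caller": "id-2",
     "operationName": "MICROSOFT.INSIGHTS/COMPONENTS/PURGE/ACTION", "status": "Succeeded",
     "resourceId": RG + "/providers/Microsoft.Insights/components/app1"},
]

def _value(field):
    """Unwrap {"value": ...} objects, pass plain strings through."""
    return field.get("value", "") if isinstance(field, dict) else (field or "")

def purge_role_holders(assignments):
    """(principal, principalType, scope) for every Data Purger assignment."""
    return sorted((a.get("principalName") or a["principalId"],
                   a.get("principalType", "?"), a["scope"])
                  for a in assignments if a.get("roleDefinitionName") == PURGE_ROLE)

def purge_calls(events):
    """(timestamp, caller, status, resourceId) for each purge API call, oldest first."""
    hits = [(e.get("eventTimestamp"), e.get("caller"), _value(e.get("status")),
             e.get("resourceId")) for e in events
            if _value(e.get("operationName")).lower() in PURGE_OPERATIONS]
    return sorted(hits, key=lambda h: h[0] or "")

if __name__ == "__main__":
    print("Data Purger holders:", purge_role_holders(SAMPLE_ASSIGNMENTS))
    for call in purge_calls(SAMPLE_EVENTS):
        print("purge call:", call)
```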