Viewing Logs from Several Azure Accounts

Question

Our company maintains an azure account per customer, nearing 100.

Each azure account has one or more Recovery Services vaults, and we want to check the backup logs to these vaults daily.

Our current process is logging in to each account separately, checking the logs, then moving to the next account.

Is there a way to allow access to these logs externally, or to a 'master account', of some sort?

We must have these as separate accounts in any case.

Answer 1

Hi

you could created dedicated Log Analytics workspaces on each customer subscription, and then use Azure Lighthouse to gather Azure Monitor alerts across each Log Analytics workspace in each of the subscriptions.

More details here:

https://learn.microsoft.com/en-us/azure/lighthouse/how-to/monitor-at-scale

Hope this helps,

Thanks

Michael Durkan

• If the reply was helpful please upvote and/or accept as answer as this helps others in the community with similar questions. Thanks!

Answer 2

Adding to Michael's comment. Lighthouse is a one-way delegation or trust. You can use the graphical tool in the portal or JSON to create a Lighthouse offer. This links a group or identity in your tenant to a built-in AAD role in the customer or child tenant. Both sides can track activity in the Activity Logs down to the user level. Both sides can terminate the relationship. You make the offer, they import the template, and you manage group membership on your end.

You can also use customer-managed guest accounts. I think there is another delegation option for official cloud partners in the partner portal.

The big benefit with Lighthouse is that you can use cross workspace queries to aggregate information from customer workspaces into a single workbook. You might look into the Sentinel MSSP guide for related scenarios.