Azure Storage Account Removed and No log Activity

Muhammad Laique 0 Reputation points
2023-01-12T06:50:53.7+00:00

Hi,

I tried setting up logs on the Azure App Service using Diagnostic settings, to send logs in Azure Storage Blob. I created a new storage account for this purpose, after tests, I removed the Diagnostic settings and storage account.
Soon after this, QA shouted that the API is not working and the dev came to know that the storage account is removed which was used in the API. But these storage accounts were different, in the same resource group. We checked in the Log Activity and only new storage account was listed which was created for logs testing. The storage account which was used within API was not listed anywhere in the activity logs..!
They how did that account get deleted?

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
1,542 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
1,392 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Ramya Harinarthini_MSFT 2,261 Reputation points Microsoft Employee
    2023-01-12T14:34:50.5866667+00:00

    @Muhammad Laique Welcome to Microsoft Q&A, thank you for posting your here!!

    Normally, from the activity logs on the Resource group level you should be able to see the Storage account deletion operation which will provide you the Event Initiated by as show in the below reference screenshot.

    User's image

    A deleted storage account may be recovered in some cases from within the Azure portal. To recover a storage account, the following conditions must be true:

    • The storage account was deleted within the past 14 days.
    • The storage account was created with the Azure Resource Manager deployment model.
    • A new storage account with the same name has not been created since the original account was deleted.
    • The user who is recovering the storage account must be assigned an Azure RBAC role that provides the Microsoft.Storage/storageAccounts/write permission. For information about built-in Azure RBAC roles that provide this permission, see Azure built-in roles.

    Microsoft recommends locking resources to prevent accidental account deletion. For more information about resource locks, see Lock resources to prevent changes.

    Hope this helps!
    Kindly let us know if the above helps or you need further assistance on this issue.


    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    No comments