How can I see WHAT changes were made to a storage container in Azure

Ian Shiel - Admin Account 20 Reputation points
2023-08-01T19:27:53.99+00:00

specifically in Storage Accounts and Containers. It seems that while it is easy to see the creation and deletion of storage resources there is not sufficient detail in the activity records to see what was done when the properties of a storage container are changed. For example if a container access level is changed from 'Private' to 'Blob' or 'Container' you just get a 'put blob container' record in the activity log with a 'write' action in the HTML.

Logging is enabled as per below

User's image

As well as adds and deletes I can see who made changes to what containers and when they did it in a "Put blob container" activity record.

User's image

However I cannot see WHAT change was made to the container

For example, if the access level was changed from "PRIVATE" to "BLOB" or "CONTAINER" I want to see that. I also want to see the properties of the container when it is created (for example, if it was created with BLOB or CONTAINER access level).

Is this possible?

Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.

1 answer

  1. deherman-MSFT 31,996 Reputation points Microsoft Employee
    2023-08-02T22:54:23.5866667+00:00

    @Ian Shiel - Admin Account

    I see that you are using Diagnostic settings (classic). I tested this using the new Diagnostic settings and can see a similar result. Here is the API request for updating the Public access level for a test container.

    { "time": "2023-08-02T21:57:01.7568556Z", "resourceId": "/subscriptions/6d66dcb9-3060-49cf-b058-f1a951b02313/resourceGroups/dehermanmigrate/providers/Microsoft.Storage/storageAccounts/dehermanlogging/blobServices/default", "category": "StorageWrite", "operationName": "SetContainerACL", "operationVersion": "2019-07-07", "schemaVersion": "1.0", "statusCode": 200, "statusText": "Success", "durationMs": 4, "callerIpAddress": "10.0.90.103:40134", "correlationId": "00be6562-701e-000e-468c-c57eb2000000", "identity": {"type":"AccountKey","tokenHash":"system-1(952959A08A50FC0E20A8D310D93F8053A775045C91548E085EDEAF025E41B373)"}, "location": "westus2", "properties": {"accountName":"dehermanlogging","etag":"\"0x8DB93A366D99FDF\"","serviceType":"blob","objectKey":"/dehermanlogging/container2","lastModifiedTime":"8/2/2023 9:57:01 PM","metricResponseType":"Success","serverLatencyMs":2,"requestHeaderSize":392,"requestBodySize":61,"responseHeaderSize":181,"contentLengthHeader":61,"tlsVersion":"TLS 1.2"}, "uri": "https://dehermanlogging.blob.core.windows.net:443/container2?restype=container&comp=acl&sk=system-1", "protocol": "HTTPS", "resourceType": "Microsoft.Storage/storageAccounts/blobServices"}
    

    The operation being performed is SetContainerACL. You can see in the Sample request that the Permission is set in the Request Body.

    In the Azure Blob Storage monitoring data reference you can see the available fields and properties. RequestBody is not something that is logged or can be logged.

    Since you are talking about the container access level you might find this page helpful. It goes into detail about how to remediate this issue and how to create a policy to restrict this.

    Hope this helps. Let me know if you still have questions.


    If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.

    If the answer has been helpful, we appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community.

    Thank you for helping to improve Microsoft Q&A!

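As an added example (not part of the original thread and not Microsoft's code), this sketch filters resource-log records in the JSON shape shown in the answer for `SetContainerACL` operations and lists the containers whose current access level should be re-checked, since the request body is not logged. The sample records, account name and IP addresses are constructed, and the function names are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample records (not from the page), trimmed to the fields used here.
SAMPLE_LOG = """\
{"time": "2023-08-02T21:57:01Z", "category": "StorageWrite", "operationName": "SetContainerACL", "statusCode": 200, "callerIpAddress": "203.0.113.10:40134", "identity": {"type": "AccountKey"}, "properties": {"accountName": "examplestorage", "objectKey": "/examplestorage/container2"}}
{"time": "2023-08-02T22:01:10Z", "category": "StorageRead", "operationName": "GetBlob", "statusCode": 200, "callerIpAddress": "203.0.113.10:40200", "identity": {"type": "SAS"}, "properties": {"accountName": "examplestorage", "objectKey": "/examplestorage/container2/a.txt"}}
{"time": "2023-08-02T22:05:44Z", "category": "StorageWrite", "operationName": "SetContainerACL", "statusCode": 403, "callerIpAddress": "198.51.100.7:51822", "identity": {"type": "OAuth"}, "properties": {"accountName": "examplestorage", "objectKey": "/examplestorage/reports"}}
not-json
"""

WATCHED_OPS = {"SetContainerACL"}  # the operation named in the answer


def acl_events(log_text):
    """Yield one dict per watched record; skip lines that are not JSON objects."""
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(rec, dict) or rec.get("operationName") not in WATCHED_OPS:
            continue
        props = rec.get("properties") or {}
        # objectKey is "/<account>/<container>"; keep only the container segment.
        parts = props.get("objectKey", "").strip("/").split("/")
        yield {
            "time": rec.get("time"),
            "account": props.get("accountName"),
            "container": parts[1] if len(parts) > 1 else None,
            # callerIpAddress is "ip:port" in the record shown; drop the port.
            "caller_ip": rec.get("callerIpAddress", "").rsplit(":", 1)[0],
            "auth": (rec.get("identity") or {}).get("type"),
            "succeeded": rec.get("statusCode") == 200,
        }


def containers_to_recheck(log_text):
    """Map (account, container) -> times of successful ACL writes.
    The log does not record the new ACL, so each key needs its current access level read."""
    changed = defaultdict(list)
    for ev in acl_events(log_text):
        if ev["succeeded"]:
            changed[(ev["account"], ev["container"])].append(ev["time"])
    return dict(changed)


if __name__ == "__main__":
    print(containers_to_recheck(SAMPLE_LOG))
```

Failed attempts (the 403 record) are still returned by `acl_events`, so they can be reviewed separately from the successful writes.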