How to access an policy audit log of an container with one or more legal holds in effect?

Georg Künz 20 Reputation points
2024-02-15T15:41:00.2533333+00:00

The documentation (Link) to "Azure Legal holds for immutable blob data" states: Each container with a legal hold in effect provides a policy audit log. The log contains the user ID, command type, time stamps, and legal hold tags. The audit log is retained for the lifetime of the policy, in accordance with the SEC 17a-4(f) regulatory guidelines. How exactly can the audit log for an specific container with one or more legal holds in effect be accessed? Thx!

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,782 questions
{count} votes

Accepted answer
  1. KarishmaTiwari-MSFT 19,782 Reputation points Microsoft Employee
    2024-02-28T22:54:46.6533333+00:00

    @Georg Künz I was able to get some information on this from the product team.

    It doesn't look like it is possible to access the audit logs for legal holds via Azure Portal, but it is supported by the REST API: GetBlobContainersGetWithAllowProtectedAppendWritesAll

    Looking at the sample response under Legal Hold, we can see the tags, timestamp, objectIdentifier and tenantId:

    enter image description here

     
    Hope that helps.


    If you have questions, please let me know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.

    Please don’t forget to Accept Answer and hit Yes for "was this answer helpful" wherever the information provided helps you, this can be beneficial to other community members for remediation for similar issues.

    User's image

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.