Hello Shivam Sood,
Welcome to Microsoft Q&A. Thank you for posting your query here.
1. AKS (Azure Kubernetes Service) is a managed service, where many of the underlying Kubernetes components and configurations are managed by Azure for simplicity and to ensure a secure and optimized environment.
2. AKS does not provide direct access to the kube-apiserver configuration, including passing flags such as --audit-policy-file.
3. Although we may not have the same level of customization as manually editing the --audit-policy-file, Azure Monitor for Containers provides a robust set of tools for monitoring, logging, and responding to events in your AKS cluster.
4. We can enable and configure audit logging for your AKS cluster through Azure Monitor to collect, analyze, and act on audit logs from your AKS cluster.
5. Enable Azure Monitor for Containers: if you haven't already, you need to enable Azure Monitor for Containers on your AKS cluster. This can be done through the Azure Portal and Azure CLI. This service collects logs and metrics from your AKS cluster, including control plane logs.
6. In Azure Portal, navigate to your AKS cluster resource, and find the "Diagnostic settings" section. Here, you can add a diagnostic setting to specify which data to collect. For auditing purposes, ensure that "Kubernetes audit logs" or similar are selected. You can send these logs to different destinations, including Log Analytics workspace, Event Hubs, or Storage Account.
7. Once configured, audit logs can be queried and analyzed from the Log Analytics workspace you've sent the logs to. You can use Kusto Query Language (KQL) to write queries and analyze the audit data.
Hope this helps you.
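Because --audit-policy-file cannot be set on AKS, policy-style filtering has to happen after collection. The following is an added example, not part of the original answer and not Microsoft tooling: it applies first-match-wins rules to audit records exported through a diagnostic setting. It assumes each exported record carries one Kubernetes audit event as a JSON string in `properties.log`; the rule format, the function names and the sample records are constructed for illustration.

```python
import json

def _rec(verb, user, resource, code):
    """Build one constructed export record (the envelope shape is an assumption)."""
    event = {"apiVersion": "audit.k8s.io/v1", "kind": "Event", "verb": verb,
             "user": {"username": user}, "objectRef": {"resource": resource},
             "responseStatus": {"code": code}}
    return json.dumps({"category": "kube-audit",
                       "properties": {"log": json.dumps(event)}})

# Constructed sample input, including one malformed line.
SAMPLE_EXPORT = [
    _rec("get", "system:kube-scheduler", "leases", 200),
    _rec("create", "alice@example.com", "secrets", 201),
    _rec("list", "system:serviceaccount:dev:builder", "secrets", 403),
    _rec("watch", "system:node:aks-node-0", "pods", 200),
    "not json at all",
]

# Hypothetical rules modelled on audit-policy ordering: the first match decides.
RULES = [
    {"keep": False, "users": {"system:kube-scheduler"}},  # noisy system user
    {"keep": False, "verbs": {"watch"}},                  # long-running watches
    {"keep": True, "resources": {"secrets"}},             # all access to secrets
    {"keep": False},                                      # catch-all: drop
]

def rule_matches(rule, ev):
    """A rule matches when every selector it defines matches the event."""
    return (("users" not in rule or ev["user"]["username"] in rule["users"])
            and ("verbs" not in rule or ev["verb"] in rule["verbs"])
            and ("resources" not in rule
                 or ev["objectRef"]["resource"] in rule["resources"]))

def filter_export(lines, rules=RULES):
    """Return (kept, skipped); skipped counts lines that fail to parse or lack fields."""
    kept, skipped = [], 0
    for line in lines:
        try:
            rec = json.loads(line)
            if rec["category"] != "kube-audit":
                continue
            ev = json.loads(rec["properties"]["log"])
            rule = next((r for r in rules if rule_matches(r, ev)), {"keep": False})
            row = (ev["verb"], ev["user"]["username"],
                   ev["objectRef"]["resource"], ev["responseStatus"]["code"])
        except (ValueError, KeyError, TypeError):
            skipped += 1
            continue
        if rule["keep"]:
            kept.append(row)
    return kept, skipped
```

Events without an `objectRef` (non-resource requests) are counted as skipped here, so the skipped count is worth reviewing rather than ignoring.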