How to create an alert for azure storage account if there is data action permissions assigned to a custom role or a built in role

Sahith Thatipalli 40 Reputation points
2024-03-19T18:48:27.7766667+00:00

I want to create an alert using a Kusto query when a custom role is assigned data action permissions for azure storage account or a current role is modified with the data action permissions for the azure storage account

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,267 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,855 questions
Azure
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
1,020 questions
Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
809 questions
{count} votes

Accepted answer
  1. hossein jalilian 7,055 Reputation points
    2024-03-21T23:51:17.8333333+00:00

    Thanks for posting your question in the Microsoft Q&A forum.

    Here's an example query that demonstrates how to achieve this:

    AzureActivity
    | where ResourceProvider == "MICROSOFT.STORAGE"
    | where Resource == "<YourStorageAccountName>"
    | where OperationName == "Microsoft.Authorization/roleAssignments/write"
    
    

    Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.