Hi there--new to Azure DevTest Labs (DTL).
I know that DTL creates a new key vault for any user who stores secrets.
For security purposes, I would like to enable logging for each new key vault created by DTL (who accessed the key vault and when, etc.). We have been doing this manually for key vaults that we create ourselves by creating a storage account for a given region, enabling diagnostic auditing for the given key vault, and then directing the generated logs to be stored in the storage account with the corresponding region.
My question is: is there a way to automatically configure settings like this for the key vaults created by DTL?
If not, and we have to create our own tooling, is there some sort of alerting that exists that can notify us whenever DTL creates a new key vault in a subscription? That way, we can trigger enabling logging ourselves without constantly polling for new key vaults.
I would appreciate any help you can give :)
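
The manual procedure described in the post above (one storage account per region, key vault audit logs sent to the account in the matching region), as an added example that is not part of the original post: it builds the `az monitor diagnostic-settings create` command for each vault and reports vaults whose region has no log storage account. The vault list, storage account IDs, setting name and function name are constructed for illustration, and the code does not try to identify which vaults DTL created.

```python
import json
import shlex

# Constructed sample shaped like `az keyvault list` output (not real resources).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
KV = "/providers/Microsoft.KeyVault/vaults/"
SA = "/resourceGroups/rg-logs/providers/Microsoft.Storage/storageAccounts/"
SAMPLE_VAULTS = [
    {"name": "kv-sample-a", "location": "eastus",
     "id": SUB + "/resourceGroups/rg-a" + KV + "kv-sample-a"},
    {"name": "kv-sample-b", "location": "West Europe",
     "id": SUB + "/resourceGroups/rg-b" + KV + "kv-sample-b"},
    {"name": "kv-sample-c", "location": "japaneast",
     "id": SUB + "/resourceGroups/rg-c" + KV + "kv-sample-c"},
]

# Assumption: one pre-created log storage account per region, keyed by region.
LOG_STORAGE_BY_REGION = {
    "eastus": SUB + SA + "kvlogseastus",
    "westeurope": SUB + SA + "kvlogswesteurope",
}

# AuditEvent is the Key Vault log category that records who accessed what, and when.
AUDIT_LOGS = json.dumps([{"category": "AuditEvent", "enabled": True}])


def plan_audit_logging(vaults, storage_by_region, setting_name="kv-audit-to-storage"):
    """Return (commands, unmatched): one az command per vault that has a
    same-region log storage account, plus names of vaults that have none."""
    commands, unmatched = [], []
    for vault in vaults:
        # Accept both "westeurope" and the display form "West Europe".
        region = vault["location"].lower().replace(" ", "")
        storage_id = storage_by_region.get(region)
        if storage_id is None:
            unmatched.append(vault["name"])  # needs a storage account first
            continue
        commands.append(shlex.join([
            "az", "monitor", "diagnostic-settings", "create",
            "--name", setting_name,
            "--resource", vault["id"],
            "--storage-account", storage_id,
            "--logs", AUDIT_LOGS,
        ]))
    return commands, unmatched


if __name__ == "__main__":
    cmds, missing = plan_audit_logging(SAMPLE_VAULTS, LOG_STORAGE_BY_REGION)
    print("\n".join(cmds))
    print("no log storage account for region of:", missing)
```
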