Set up diagnostics with Microsoft Azure Attestation

This article helps you create and configure diagnostic settings to send platform metrics and platform logs to different destinations. Platform logs in Azure, including the Azure Activity log and resource logs, provide detailed diagnostic and auditing information for Azure resources and the Azure platform that they depend on. Platform metrics are collected by default and are stored in the Azure Monitor Metrics database.

Before you begin, make sure you've set up Azure Attestation with Azure PowerShell.

Azure Attestation is enabled in the diagnostic settings and can be used to monitor activity. Set up Azure Monitoring for the service endpoint by using the following code.


 Set-AzContext -Subscription "<Subscription id>"

 $attestationProviderName="<Name of the attestation provider>"

 $attestationResourceGroup="<Name of the resource Group>"

 $attestationProvider=Get-AzAttestation -Name $attestationProviderName -ResourceGroupName $attestationResourceGroup 

 $storageAccount=New-AzStorageAccount -ResourceGroupName $attestationProvider.ResourceGroupName -Name "<Storage Account Name>" -SkuName Standard_LRS -Location "<Location>"

 Set-AzDiagnosticSetting -ResourceId $attestationProvider.Id -StorageAccountId $storageAccount.Id -Enabled $true 

Activity logs are in the Containers section of the storage account. For more information, see Collect and analyze resource logs from an Azure resource.