Not a day goes by I need to refresh my memory where certain operation is logged in Azure? is there separate logging setting needed to be enabled? Is it enabled per resource?
That’s the reason I created this short helper documentation, to have a simple example of core logging related to Azure Resoure Manager operations.
- Note: this article excludes:
- Azure AD logs, such as various sign-in and audit logs (Subject I’ve covered in many other blogs, and very important too)
- Application insights, or functional logs created inline from the application runtime (for example adding middleware that writes directly to Log Analytics custom log events)
- Activity log: Configured in Azure Activity Log per Subscription
- Diagnostic log: Configured in individually the resources diagnostic settings
Connect Azure Activity data to Azure Sentinel | Microsoft Docs
My friend @samilamppu pointed me at this resource explaining it at the docs
Paluuviite: Ingest Storage Account Audit Data to Azure Sentinel – Sam's Corner