Logging
All actions performed on Azure resources are logged in a central log analytics workspace.
This is enforced via an Azure Policy called Configure Azure Activity logs to stream to specified Log Analytics workspace and can not be deactivated.
What is being logged?
The log analytics workspace collects Activity Logs.
Activity logs provide an insight into the operations performed on each Azure resource in the subscription from the outside, known as the management plane. in addition to updates on Service Health events. Use the Activity log to determine what, who, and when for any write operation (PUT, POST, DELETE) executed on the resources in your subscription. There's a single activity log for each Azure subscription.
How can I access the central log analytics workspace?
Access to central audit logs is granted on need-to-know basis to Auditors and Cloud Foundation Team members. The following AAD groups control access and are used to implement Privileged Access Management.
| group | description | object_id |
|---|---|---|
| likvid-cloudfoundation-security-admins | Privileged Cloud Foundation group. Members have full access to Azure Security Center, Policies and Audit Logs. | 0da9735c-89cc-4a75-bf29-f6ed6e020d24 |
| likvid-cloudfoundation-security-auditors | Privileged Cloud Foundation group. Members have read-only access to Azure Security Center, Policies and Audit Logs. | ba7d0156-3e1d-4eeb-a535-1083e1b724ff |
How can I access Activity Logs for my subscription?
Application teams can view Activity Logs for their own subscription in Azure portal under Subscription -> Activity Logs.
Compliance Statements
- Centralized audit logs: Activates Azure logs in all subscriptions and sends them to a central log analytics workspace for storage and analysis.