Monitor Audit

​

Checks performed

• Log Profile is not provisioned
• Ensure activity log retention is set for 365 days or greater
• Ensure log profile is configured to export all activities
• Ensure log profile is configured for all regions
• Ensure Storage Account container containing the logs is not publicly accessible
• Ensure Storage Account container containing the logs is encrypted with BYOK
• Ensure Activity Log Alert exists for Create Policy Assignment
• Ensure Activity Log Alert exists for Delete Policy Assignment
• Ensure Activity Log Alert exists for Create or Update Network Security Group
• Ensure Activity Log Alert exists for Delete Network Security Group
• Ensure Activity Log Alert exists for Create or Update Network Security Group Rule
• Ensure Activity Log Alert exists for Delete Network Security Group Rule
• Ensure Activity Log Alert exists for Create or Update Security Solution
• Ensure Activity Log Alert exists for Delete Security Solution
• Ensure Activity Log Alert exists for Create or Update SQL Server Firewall Rule
• Ensure Activity Log Alert exists for Delete SQL Server Firewall Rule
• Ensure Activity Log Alert exists for Create or Update Security Policy
• Ensure Activity Log Alert exists for Delete Security Policy
• Setup Alerts for Virtual Machine Events
• Setup Alerts for Power Off Virtual Machine Events
• Setup Alerts for Delete Virtual Machine Events
• Setup Alerts for Update Key Vault Events
• Setup Alerts for Delete Key Vault Events
• Create Alert for “Create or Update Security Solution” Events
• Create Alert for “Delete Security Solution” Events
• Ensure Diagnostic Setting Captures Appropriate Categories