Think about the last time you had an incident. If you couldn’t tell who did what, when, or how, your response was already crippled. That’s the cold reality many organizations face in Azure.
Most environments I’ve audited have gaping holes here. They’re running critical workloads but treating logs as an afterthought. That’s not just risky; it’s negligent. You’re flying blind.
The fix is straightforward: send your Azure Activity Log, Sign-in Logs, and resource diagnostics to Log Analytics. It’s not optional; it’s foundational. This gives you the visibility to detect, investigate, and respond.
To configure this, navigate to your Azure resource, go to “Diagnostic settings,” then “Add diagnostic setting.” Select all log categories and send them to a Log Analytics workspace. Repeat for Activity Log and Sign-in Logs in Azure Monitor.
If you’re not doing this, you’re missing basic telemetry. You can’t protect what you can’t see.
Prioritize this. Go enable diagnostic logging for your key Azure resources today.
The fix
# Enable Activity Log export to a Log Analytics workspace (subscription scope).
# --logs lists the Activity Log categories to capture; the post says select all of them.
az monitor diagnostic-settings create --name "scw-audit" \
  --resource "/subscriptions/<sub_id>" \
  --workspace "<log_analytics_workspace_id>" \
  --logs '[{"category":"Administrative","enabled":true},{"category":"Security","enabled":true},
           {"category":"ServiceHealth","enabled":true},{"category":"Alert","enabled":true},
           {"category":"Recommendation","enabled":true},{"category":"Policy","enabled":true},
           {"category":"Autoscale","enabled":true},{"category":"ResourceHealth","enabled":true}]'
Reference: CIS Azure Foundations Benchmark 5.1
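Enabling the setting is half the job; the other half is checking it took. As an added example (not part of the original post), the script below audits the JSON that `az monitor diagnostic-settings list --resource /subscriptions/<sub_id>` returns and reports whether any setting both reaches a Log Analytics workspace and enables every Activity Log category. The sample CLI output is constructed for illustration; the category names are the real Azure Activity Log categories.

```python
import json

# The eight Azure Activity Log categories; the post says to select all of them.
ACTIVITY_LOG_CATEGORIES = frozenset({
    "Administrative", "Security", "ServiceHealth", "Alert",
    "Recommendation", "Policy", "Autoscale", "ResourceHealth",
})

def logs_argument(categories=ACTIVITY_LOG_CATEGORIES) -> str:
    """Build the JSON value for --logs on `az monitor diagnostic-settings create`."""
    return json.dumps([{"category": c, "enabled": True} for c in sorted(categories)])

def audit_activity_log_export(cli_output: str, required=ACTIVITY_LOG_CATEGORIES) -> dict:
    """Evaluate `az monitor diagnostic-settings list` JSON taken at subscription scope.

    Passes only if some setting sends to a Log Analytics workspace AND enables every
    required category. Storage-only or Event Hub-only settings do not count: they
    are not queryable from Log Analytics, which is the visibility the post is after.
    """
    data = json.loads(cli_output)
    # Older CLI versions wrap the list in {"value": [...]}; newer ones return a bare list.
    settings = data.get("value", []) if isinstance(data, dict) else data
    report = {"pass": False, "workspace_settings": [], "missing": {}}
    for s in settings:
        if not s.get("workspaceId"):
            continue
        enabled = {log.get("category") for log in s.get("logs", []) if log.get("enabled")}
        missing = sorted(required - enabled)
        report["workspace_settings"].append(s["name"])
        report["missing"][s["name"]] = missing
        if not missing:
            report["pass"] = True
    return report

# Constructed sample of `az monitor diagnostic-settings list` output (not real data):
# one setting archives to storage only, one reaches a workspace but is incomplete.
SAMPLE_LIST_OUTPUT = json.dumps([
    {"name": "archive-only", "workspaceId": None,
     "storageAccountId": "/subscriptions/<sub_id>/resourceGroups/<rg>/providers/"
                         "Microsoft.Storage/storageAccounts/<account>",
     "logs": [{"category": c, "enabled": True} for c in ACTIVITY_LOG_CATEGORIES]},
    {"name": "scw-audit", "workspaceId": "<log_analytics_workspace_id>",
     "storageAccountId": None,
     "logs": [{"category": "Administrative", "enabled": True},
              {"category": "Security", "enabled": False},
              {"category": "Alert", "enabled": True},
              {"category": "Policy", "enabled": True}]},
])

if __name__ == "__main__":
    result = audit_activity_log_export(SAMPLE_LIST_OUTPUT)
    print("PASS" if result["pass"] else "FAIL", json.dumps(result["missing"], indent=2))
```

Run the same function over the live CLI output for each subscription to find the ones still flying blind; a passing report requires every category present, not just the setting's existence.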