Azure resources Audit details?

Question

Is it possible to validate or check who has created/deleted resources apart from the azure resources group Audit log or deployment group?

As per my understanding system will hold an audit log for not more than 3 months.

And what in case someone deletes a resources group.. how to track who has deleted etc.

Appreciate your input/guidance or the best approach to capture such details.

Answer 1

All activities, including de deletion of resource groups, are recorded in the Activity Log. It logs also the caller (username of the user that initiated the operation):

As per my understanding system will hold an audit log for not more than 3 months.

You can setup a continuous export of the Activity Log to for example a storage account or a Log Analytics Workspace. The retention for a Log Analytics Workspace can be set to a maximum of 730 days.

If you route the logs to a storage account you can have unlimited storage retention.

Answer 2

• *As far as I know and as per the document, we don't have any way other than Azure Activity logs to find out the information related to activities done.
• And as you already know we have 90days of retention time but if you want to get longer retention time you can create diagnostic setting and route to different locations.

• Here is the Document which will help you in creating diagnostic settings. *