More Info:

A log profile controls how the activity log is exported. Configuring the log profile to collect logs for the categories ‘write’, ‘delete’ and ‘action’ ensures that all the control/management plane activities performed on the subscription are exported.

Risk Level

Low

Address

Security, Operational Maturity

Compliance Standards

GDPR, PCIDSS

Triage and Remediation

Remediation

To remediate the misconfiguration of ensuring log profile is configured to export all activities in Azure, you can follow the below steps:

  1. Login to Azure portal (https://portal.azure.com/)
  2. In the left navigation pane, click on “Log Analytics workspaces”
  3. Select the workspace that you want to configure for exporting all activities
  4. In the workspace, click on “Log Analytics” in the left navigation pane
  5. Click on “Export” in the top navigation bar
  6. Click on “Add Export” button
  7. In the “Add Export” blade, select the following options:
    • “Destination”: “Storage Account”
    • “Storage Account”: Select an existing storage account or create a new one
    • “Container”: Enter the name of the container where the logs will be exported
    • “Path”: Enter the path where the logs will be exported
    • “Format”: Select “JSON” or “CSV” format for the exported logs
    • “Schedule”: Select “Continuous Export” to export logs continuously
    • “Status”: Select “Enabled” to enable the export
  8. Click on “Save” button to save the export configuration

Once you have completed these steps, all activities in your Azure environment will be exported to the specified storage account and container in the specified format. You can then use this data for analysis, auditing and compliance purposes.

Additional Reading: