'Delete Policy Assignment' activity log alert should be configured

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

To enhance the detection of unsolicited changes and streamline the monitoring of modifications made in the Policy - Assignments page, it is advised to create an activity log alert specifically for the “Delete Policy Assignment” event. This alert will provide valuable insights into any deletions of policy assignments, allowing for quick detection and response to unauthorized changes.

Remediation

From the console

  1. Navigate to the Monitor blade.
  2. Select Alerts > Create > Alert rule.
  3. Under Filter by subscription, choose a subscription.
  4. Under Filter by resource type, select Policy Assignment.
  5. Under Filter by location, select All.
  6. From the results, select the subscription, then click Done.
  7. Select the Condition tab.
  8. Under Signal name, click Delete Delete policy assignment (Microsoft.Authorization/policyAssignments).
  9. Select the Actions tab.
  10. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection.
  11. Select the Details tab.
  12. Select a Resource group, provide an Alert rule name and an optional Alert rule description.
  13. Click Review + create.
  14. Click Create.
PREVIEWING: Cyril-Bouchiat/add-vm-package-explorer-doc