AZ-008 Microsoft Azure

Activity-log alerts exist for critical changes (NSG, security policy, Key Vault).


Domain: Microsoft Azure
Area: Logging
Automated / manual: Automated

Risk if it fails

Silent malicious changes go unnoticed.

If nobody is alerted when a firewall rule or security policy is changed, an attacker can quietly open a door, use it, and you will not know until later.

How Tess tests it

1 test — each concludes only on cited evidence.

Activity-log alerts exist for critical changes (NSG, security policy, Key Vault).

Automated
Procedure
Confirm alert rules for create/update/delete of security-relevant resources.

Read-only command

az monitor activity-log alert list -o table
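One way to evaluate the JSON form of that command's output (`-o json`), as an added example that is not Tess's own test logic: it reports which critical operations have no enabled alert rule with an action group attached. The operation names in `REQUIRED_OPS`, the helper names and the sample rules are assumptions constructed for illustration; the page itself names only NSG, security policy and Key Vault.

```python
import json
import sys

# Operation names are this example's assumption; the page names only the areas.
REQUIRED_OPS = [
    "Microsoft.Network/networkSecurityGroups/write",
    "Microsoft.Network/networkSecurityGroups/delete",
    "Microsoft.Security/policies/write",
    "Microsoft.KeyVault/vaults/write",
    "Microsoft.KeyVault/vaults/delete",
]

def sample_rule(name, op, enabled=True, groups=("constructed-action-group-id",)):
    """Build one constructed rule shaped like the az JSON output (not real data)."""
    return {"name": name, "enabled": enabled,
            "condition": {"allOf": [{"field": "category", "equals": "Administrative"},
                                    {"field": "operationName", "equals": op}]},
            "actions": {"actionGroups": [{"actionGroupId": g} for g in groups]}}

SAMPLE = [
    sample_rule("nsg-write", REQUIRED_OPS[0]),
    sample_rule("kv-delete", REQUIRED_OPS[4], enabled=False),  # disabled: never fires
    sample_rule("policy-write", REQUIRED_OPS[2], groups=()),   # fires, notifies nobody
]

def leaf_conditions(rule):
    """Yield leaf conditions, flattening any anyOf group inside allOf."""
    for cond in (rule.get("condition") or {}).get("allOf") or []:
        yield from (cond.get("anyOf") or [cond])

def covered_operations(alerts):
    """Operations matched by rules that are enabled and have an action group."""
    ops = set()
    for rule in alerts:
        if not rule.get("enabled") or not (rule.get("actions") or {}).get("actionGroups"):
            continue
        for leaf in leaf_conditions(rule):
            if (leaf.get("field") or "").lower() == "operationname":
                values = [leaf.get("equals")] + (leaf.get("containsAny") or [])
                ops.update(v.lower() for v in values if v)
    return ops

def missing_operations(alerts, required=REQUIRED_OPS):
    have = covered_operations(alerts)
    return [op for op in required if op.lower() not in have]

if __name__ == "__main__":
    alerts = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for op in missing_operations(alerts):
        print("no enabled alert with an action group:", op)
```

Rule scope is not checked here; a rule scoped to a single resource group leaves changes elsewhere in the subscription unalerted.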
