AZ-006 Microsoft Azure

Diagnostic settings ship Activity Logs to Log Analytics / storage with retention.

Domain: Microsoft Azure
Area: Logging
Automated / manual: Automated

Risk if it fails

No retained logs = no forensics.

Without retained logs, when a breach is discovered weeks later there is nothing to investigate — you cannot tell what the attacker touched or took.

How Tess tests it

1 test — each concludes only on cited evidence.

Diagnostic settings ship Activity Logs to Log Analytics / storage with retention.

Automated
Procedure
Confirm subscription diagnostic settings export the Activity Log.

Read-only command

az monitor diagnostic-settings subscription list -o table
az monitor log-profiles list -o table
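
One way to evaluate the JSON output (`-o json`) of the first command above against this control, as an added example that is not Tess's own test logic. The output shape (a list, or a "value" wrapper, of settings with name, logs and workspaceId / storageAccountId keys) and the set of required categories are assumptions, and the sample inputs are constructed. Retention on the destination is not evaluated.

```python
import json

# Assumption: categories that must be exported (the page does not list any).
REQUIRED = frozenset({"Administrative", "Security", "Policy", "Alert"})
# Assumption: destination keys as they appear in the CLI's JSON output.
DESTINATIONS = ("workspaceId", "storageAccountId")


def evaluate(cli_json, required=REQUIRED):
    """Evaluate JSON from the subscription diagnostic-settings list command."""
    data = json.loads(cli_json)
    # Accept either a bare list or a {"value": [...]} wrapper.
    settings = data.get("value", []) if isinstance(data, dict) else data
    covered, ignored = set(), []
    for setting in settings:
        # Only settings that ship to Log Analytics or storage count.
        if not any(setting.get(key) for key in DESTINATIONS):
            ignored.append(setting.get("name", "<unnamed>"))
            continue
        for entry in setting.get("logs") or []:
            if entry.get("enabled") and entry.get("category"):
                covered.add(entry["category"])
    missing = sorted(set(required) - covered)
    return {"passed": not missing, "missing": missing, "ignored": ignored}


def _setting(name, enabled, **dest):
    """Build one constructed setting in the assumed output shape."""
    logs = [{"category": c, "enabled": c in enabled} for c in sorted(REQUIRED)]
    return {"name": name, "logs": logs, **dest}


# Constructed sample outputs (placeholder resource IDs, not real ones).
GOOD = json.dumps({"value": [
    _setting("to-law", REQUIRED,
             workspaceId="/subscriptions/<sub-id>/.../workspaces/<name>"),
]})
BAD = json.dumps([
    _setting("to-storage", {"Administrative", "Policy"},
             storageAccountId="/subscriptions/<sub-id>/.../storageAccounts/<name>"),
    _setting("to-eventhub", REQUIRED,
             eventHubAuthorizationRuleId="/subscriptions/<sub-id>/.../<name>"),
])

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, evaluate(sample))
```

A setting that ships only to a destination other than Log Analytics or storage is reported under "ignored" and does not count toward coverage.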
