Ensure that an Azure activity log alert is fired whenever "Create Virtual Machine" or "Update Virtual Machine" events are triggered in your Microsoft Azure cloud account. An activity log alert is triggered when a new activity log event occurs that matches the condition specified in the alert configuration. For this conformity rule, the matched condition is `Whenever the Administrative Activity Log "Create or Update Virtual Machine (Microsoft.Compute/virtualMachines)" has "any" Event level, with "any" Status and Event initiated by "any"`.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Monitoring your Microsoft Azure account for "Create or Update Virtual Machine" events can give you insights into the changes made within your cloud environment regarding Azure virtual machines (VMs) and can help reduce the time it takes to detect unauthorized activity.
Audit
To determine if there are any activity log alerts created for "Create or Update Virtual Machine" events in your Microsoft Azure cloud account, perform the following actions:
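One way to script this check over saved output of `az monitor activity-log alert list -o json` is sketched below; it is an added example, not part of the Conformity tool or the original page. The alert records are constructed, the `condition.allOf` / `field` / `equals` layout is assumed to match the CLI's JSON output, and comparing values case-insensitively is this example's choice.

```python
import json

# ARM operation behind "Create or Update Virtual Machine" in the activity log.
VM_WRITE = "microsoft.compute/virtualmachines/write"
NARROWING = {"level", "status", "caller"}  # the rule expects "any" for each

# Constructed sample, shaped like `az monitor activity-log alert list -o json`.
SAMPLE = json.loads("""[
 {"name": "vm-write-all", "enabled": true, "condition": {"allOf": [
   {"field": "category", "equals": "Administrative"},
   {"field": "operationName", "equals": "Microsoft.Compute/virtualMachines/write"}]}},
 {"name": "vm-write-failed-only", "enabled": true, "condition": {"allOf": [
   {"field": "category", "equals": "Administrative"},
   {"field": "operationName", "equals": "Microsoft.Compute/virtualMachines/write"},
   {"field": "status", "equals": "Failed"}]}},
 {"name": "vm-write-disabled", "enabled": false, "condition": {"allOf": [
   {"field": "category", "equals": "Administrative"},
   {"field": "operationName", "equals": "Microsoft.Compute/virtualMachines/write"}]}},
 {"name": "nsg-write", "enabled": true, "condition": {"allOf": [
   {"field": "category", "equals": "Administrative"},
   {"field": "operationName", "equals": "Microsoft.Network/networkSecurityGroups/write"}]}}
]""")

def findings(alert):
    """Return the reasons an alert does not satisfy the rule (empty list = it does)."""
    conds, out = {}, []
    for leaf in (alert.get("condition") or {}).get("allOf") or []:
        if "field" in leaf and "equals" in leaf:
            conds[leaf["field"].lower()] = str(leaf["equals"]).lower()
        else:
            out.append("condition form not handled here, review manually")
    if not alert.get("enabled"):
        out.append("alert is disabled")
    if conds.get("category") != "administrative":
        out.append("category is not Administrative")
    if conds.get("operationname") != VM_WRITE:
        out.append("operationName is not the VM write operation")
    # A filter on level, status or caller means some VM writes never alert.
    out += [f"narrowed by {f}={conds[f]}" for f in sorted(NARROWING & conds.keys())]
    return out

def audit(alerts):
    """Map alert name -> findings; the rule passes if any alert has none."""
    report = {a.get("name", "<unnamed>"): findings(a) for a in alerts}
    return report, any(not v for v in report.values())

if __name__ == "__main__":
    report, passed = audit(SAMPLE)
    for name, why in report.items():
        print(name, "OK" if not why else "; ".join(why))
    print("rule:", "PASS" if passed else "FAIL")
```

An alert that matches the operation but also filters on status, level or caller is reported as non-compliant, because the rule's condition requires "any" for all three.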
Remediation / Resolution
To create a Microsoft Azure activity log alert for "Create or Update Virtual Machine (Microsoft.Compute/virtualMachines)" events, perform the following actions:
References
- Azure Official Documentation
- Create, view, and manage activity log alerts by using Azure Monitor
- Create, view, and manage log alerts using Azure Monitor
- Action rules (preview)
- Azure PowerShell Documentation
- az monitor activity-log alert list
- az monitor activity-log alert show
- az monitor activity-log alert create