Activity log alert should exist for specific Policy operations
MEDIUM
Ensures activity log alerts are configured for key Azure Policy operations like policy assignment changes.
What does this mean?
This recommendation ensures that Activity Log alerts exist for critical Azure Policy operations, such as creating, updating, or deleting policy assignments. Unauthorized policy changes can weaken security controls across the environment.
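One way to check this recommendation, as an added example that is not part of the original page: the Python below reads alert rules in the JSON shape returned by `az monitor activity-log alert list` and reports which policy assignment operations have no enabled, subscription-wide alert. The function names are hypothetical, and the subscription ID, rule names and resource group in the sample are constructed.

```python
import json

# Azure operations logged when a policy assignment is created/updated or deleted.
REQUIRED_OPS = (
    "Microsoft.Authorization/policyAssignments/write",
    "Microsoft.Authorization/policyAssignments/delete",
)

def alert_operations(alert):
    """Return the lower-cased operationName values an alert rule matches on."""
    ops = set()
    for cond in (alert.get("condition") or {}).get("allOf") or []:
        # The match may sit on the condition itself or inside a nested anyOf.
        for leaf in [cond] + (cond.get("anyOf") or []):
            if str(leaf.get("field", "")).lower() == "operationname" and leaf.get("equals"):
                ops.add(leaf["equals"].lower())
    return ops

def missing_policy_alerts(alerts, subscription_id):
    """Return required operations with no enabled, subscription-wide alert."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    covered = set()
    for alert in alerts:
        scopes = {s.lower().rstrip("/") for s in alert.get("scopes") or []}
        # A disabled rule, or one scoped only to a resource group, leaves a gap.
        if alert.get("enabled") and sub_scope in scopes:
            covered |= alert_operations(alert)
    return [op for op in REQUIRED_OPS if op.lower() not in covered]

# Constructed sample: subscription ID, rule names and resource group are made up.
SAMPLE_SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE_ALERTS = json.loads("""[
 {"name": "policy-assign-write", "enabled": true,
  "scopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
  "condition": {"allOf": [
    {"field": "category", "equals": "Administrative"},
    {"field": "operationName", "equals": "Microsoft.Authorization/policyAssignments/write"}]}},
 {"name": "policy-assign-delete-disabled", "enabled": false,
  "scopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
  "condition": {"allOf": [
    {"field": "operationName", "equals": "Microsoft.Authorization/policyAssignments/delete"}]}},
 {"name": "policy-assign-delete-rg-only", "enabled": true,
  "scopes": ["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"],
  "condition": {"allOf": [
    {"field": "operationName", "equals": "microsoft.authorization/policyassignments/delete"}]}}
]""")

if __name__ == "__main__":
    print(missing_policy_alerts(SAMPLE_ALERTS, SAMPLE_SUB))
```

In the sample, the delete operation is reported as missing because its only subscription-wide rule is disabled and the enabled rule covers a single resource group.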
Benefits of implementation
- Detects unauthorized weakening of policy controls
- Supports change management for governance configurations
- Enables rapid response to policy tampering
Drawbacks and considerations
- Policy operations in large environments generate many events
- Alert configuration needs to be specific to avoid noise
- Requires operational procedures for alert response
Details
- Risk Level: MEDIUM
- Category: Logging & Monitoring
- Azure Resource
- Frameworks: 1 framework
- Last updated: 2026-02-12