Azure Policy - "Audit usage of custom RBAC rules" and functionality


Greetings,

My goal is to be able to audit activity carried out by users with custom roles in Azure. I ran across this policy, but it is confusing as to what it does.

"Audit usage of custom RBAC rules"

Here is what it says, "Audit built-in roles such as 'Owner, Contributor, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling."

The JSON looks like it will enable auditing custom roles, but I would like to confirm. Also, I'm wondering where the data dumps: audit, activity, or other logs?

Thank you for your help,

Rick

Hi Kiddlp,
Thank you for responding. This code looks great for automating RBAC assignments. I'm trying to audit activity carried out by users with both built-in and custom roles in Azure. Just not sure if the policy I found will do that. Interesting that there's not much out there on that particular policy. Thanks again!