Apr 06 2023 08:32 AM
Greetings,
My goal is to be able to audit activity carried out by users with custom roles in Azure. I ran across this policy, but it is confusing as to what it does.
"Audit usage of custom RBAC rules"
Here is what it says, "Audit built-in roles such as 'Owner, Contributor, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling."
The JSON looks like it will enable auditing custom roles, but I would like to confirm. Also, I am wondering where the data is dumped - audit, activity, or other logs?
Thank you for your help,
Rick
Apr 08 2023 02:17 AM
See if this post can provide you with some insight:
https://cloud.solita.fi/en/using-azure-policies-to-audit-and-automate-rbac-role-assignments/
Apr 10 2023 07:49 AM