Forum Discussion
Azure Policy - "Audit usage of custom RBAC rules" and functionality
Greetings,
My goal is to be able to audit activity carried out by users with custom roles in Azure. I ran across this policy, but it is confusing as to what it does.
"Audit usage of custom RBAC rules"
Here is what it says, "Audit built-in roles such as 'Owner, Contributor, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling."
The JSON looks like it will enable auditing custom roles, but I would like to confirm. Also, I'm wondering where the data dumps - audit, activity, or other logs?
Thank you for your help,
Rick
See if this post can provide you with some insight?
https://cloud.solita.fi/en/using-azure-policies-to-audit-and-automate-rbac-role-assignments/
- Rick_Virene, Copper Contributor
Hi Kiddlp,
Thank you for responding. This code looks great for automating RBAC assignments. I'm trying to audit activity carried out by users with both built-in and custom roles in Azure. Just not sure if the policy I found will do that. Interesting that there's not much out there on that particular policy. Thanks again!
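To make concrete what the policy in the question actually evaluates, here is an added example (not from the thread or from Microsoft): a small evaluator for Azure-Policy-style rules run against constructed role definition and role assignment resources. The rule follows the shape of the built-in "Audit usage of custom RBAC rules" definition as I recall it (an assumption; verify against the definition in your tenant). It shows that the policy flags the existence of role definitions whose type is CustomRole as non-compliant resources; it does not record what a principal holding such a role does, which is what the Activity Log captures.

```python
# Assumed shape of the built-in policy rule (verify against your tenant):
# a resource is non-compliant when it is a roleDefinitions resource whose
# type alias resolves to "CustomRole". Effect is Audit, so nothing is blocked.
POLICY_RULE = {
    "if": {
        "allOf": [
            {"field": "type", "equals": "Microsoft.Authorization/roleDefinitions"},
            {"field": "Microsoft.Authorization/roleDefinitions/type", "equals": "CustomRole"},
        ]
    },
    "then": {"effect": "audit"},
}

# Constructed sample resources in ARM-like shape (not real tenant data).
SAMPLE_RESOURCES = [
    {"name": "Contributor", "type": "Microsoft.Authorization/roleDefinitions",
     "properties": {"type": "BuiltInRole"}},
    {"name": "VM Operator (custom)", "type": "Microsoft.Authorization/roleDefinitions",
     "properties": {"type": "CustomRole"}},
    {"name": "assignment-1", "type": "Microsoft.Authorization/roleAssignments",
     "properties": {"principalId": "00000000-0000-0000-0000-000000000000"}},
]


def field_value(resource, field):
    """Resolve a policy 'field': 'type' and 'name' are top-level; a
    '<resourceType>/<property>' alias maps to properties.<property>."""
    if field in ("type", "name"):
        return resource.get(field)
    prop = field.rsplit("/", 1)[-1]
    return resource.get("properties", {}).get(prop)


def matches(condition, resource):
    """Evaluate allOf / anyOf / not / equals (Azure Policy 'equals' is
    case-insensitive, so compare lower-cased strings)."""
    if "allOf" in condition:
        return all(matches(c, resource) for c in condition["allOf"])
    if "anyOf" in condition:
        return any(matches(c, resource) for c in condition["anyOf"])
    if "not" in condition:
        return not matches(condition["not"], resource)
    actual = field_value(resource, condition["field"])
    return actual is not None and str(actual).lower() == str(condition["equals"]).lower()


def evaluate(rule, resources):
    """Map each resource name to the rule's effect if the 'if' block matches,
    else 'compliant': the per-resource view the compliance blade shows."""
    return {r["name"]: (rule["then"]["effect"] if matches(rule["if"], r) else "compliant")
            for r in resources}


if __name__ == "__main__":
    for name, result in evaluate(POLICY_RULE, SAMPLE_RESOURCES).items():
        print(f"{name}: {result}")
```

Only the custom role definition comes back as "audit"; the built-in role and the role assignment are compliant, and nothing about the principal's operations is evaluated.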