Audit log information is lacking in detail


  • I deleted a few (empty) test containers in Azure Storage and thought I'd go and see if it kept an audit trail. I eventually found it but it only says "Successfully deleted storage container" with the date and time, but it doesn't record the name of the person who actually deleted it.

    We only have a few Azure administrators but not being able to identity who did what is a bit of a concern. Is this level of detail kept somewhere, and is it accessible?

    It would be nice to have some extra security around the deletion of containers so that it isn't easy to do and that there are multiple nag messages to prevent accidents or maliciousness.

    Wednesday, July 1, 2015 12:43 AM


  • Hi,

    Thanks posting here!

    You could programmatically get this information. To do so, you would need to make use of Windows Azure Service Management API especially List Subscription Operations. Portal actually makes use of the same operation.

    In order to identify who did what you need to use User Email Address and Client IP in the response body.

    Which gives you the email associated with the Windows Live ID of the user who initiated the operation from the Management Portal and also the IP address of the client computer that initiated the operation.

    Hope this helps!

    Best Regards

    Sadiqh Ahmed


    If a post answers your question, please click Mark As Answer on that post and Vote as Helpful.

    • Marked as answer by mfearby Wednesday, July 1, 2015 10:47 PM
    Wednesday, July 1, 2015 9:01 AM

All replies