I want to ensure that I get notified via email whenever someone accesses or views keys within my Azure subscription. A small group of people has access to my Azure environment through the portal. My subscription mainly involves Azure Cognitive Resources, and each of these resources has two keys. How can I configure this alert system?
5 Answers
I’m not sure you can directly alert for key accesses. One workaround is to assign the key reader role through Privileged Identity Management (PIM) and then set up notifications for when the PIM group is activated. You can find directions for this with a quick search.
Check if the activity you're concerned about generates a specific event. If it does, you could create a Logic App triggered by this event to send you notifications.
You should definitely rethink who has access to your key vault. Anyone having permanent reading rights is a huge security risk. Setting up PIM roles that require authorization for reader roles can help avoid this.
You can send the Azure activity logs to a Log Analytics Workspace (LAW) and set up alert rules there to notify you via email when certain actions occur.
Consider setting up email alerts for activity logs. I’ve done this in one of my tenants, and it works well to alert me whenever anyone accesses specified resources.
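The matching logic behind the Log Analytics and activity-log alert suggestions above, as an added example that is not part of any answer. It assumes key views and rotations show up in the Activity Log as the `Microsoft.CognitiveServices/accounts/listKeys/action` and `regenerateKey/action` operations, uses AzureActivity-style column names, and runs on constructed rows; in Azure the email itself would be sent by the alert rule's action group.

```python
from collections import defaultdict

# Control-plane actions that return or rotate Cognitive Services account keys.
KEY_OPS = {"microsoft.cognitiveservices/accounts/listkeys/action",
           "microsoft.cognitiveservices/accounts/regeneratekey/action"}
PREFIX = "MICROSOFT.COGNITIVESERVICES/ACCOUNTS"  # some exports upper-case the name

def row(ts, op, status, caller, corr, account):
    """Build one constructed row using AzureActivity-style column names."""
    return {"TimeGenerated": ts, "OperationNameValue": f"{PREFIX}/{op}",
            "ActivityStatusValue": status, "Caller": caller, "CorrelationId": corr,
            "_ResourceId": "/subscriptions/SUB-PLACEHOLDER/resourcegroups/rg-ai"
                           f"/providers/microsoft.cognitiveservices/accounts/{account}"}

# Constructed sample data; callers, ids and account names are made up.
SAMPLE_ROWS = [
    row("2024-05-01T09:00:01Z", "LISTKEYS/ACTION", "Start", "alice@example.com", "c-1", "vision-01"),
    row("2024-05-01T09:00:02Z", "LISTKEYS/ACTION", "Success", "alice@example.com", "c-1", "vision-01"),
    row("2024-05-01T09:00:02Z", "LISTKEYS/ACTION", "Success", "alice@example.com", "c-1", "vision-01"),
    row("2024-05-01T10:15:00Z", "WRITE", "Success", "bob@example.com", "c-2", "speech-02"),
    row("2024-05-01T10:20:00Z", "REGENERATEKEY/ACTION", "Failure", "bob@example.com", "c-3", "speech-02"),
]

def key_access_events(rows):
    """Return one event per key operation, skipping 'Start' records and duplicates."""
    seen, events = set(), []
    for r in rows:
        op = r.get("OperationNameValue", "").lower()  # compare case-insensitively
        status = r.get("ActivityStatusValue", "")
        dedup = (r.get("CorrelationId"), op, status)
        if op not in KEY_OPS or status == "Start" or dedup in seen:
            continue
        seen.add(dedup)
        events.append({"time": r["TimeGenerated"], "caller": r.get("Caller", "unknown"),
                       "action": op.split("/")[-2], "status": status,
                       "resource": r["_ResourceId"].rsplit("/", 1)[-1]})
    return events

def email_bodies(events):
    """Group events per caller into one plain-text notification each."""
    by_caller = defaultdict(list)
    for e in events:
        by_caller[e["caller"]].append(f'{e["time"]} {e["action"]} {e["status"]} on {e["resource"]}')
    return {c: "Key access detected:\n" + "\n".join(v) for c, v in by_caller.items()}

if __name__ == "__main__":
    for caller, body in email_bodies(key_access_events(SAMPLE_ROWS)).items():
        print(f"To: security@example.com\nSubject: Key access by {caller}\n\n{body}\n")
```

Failed attempts are kept on purpose, since a denied `regenerateKey` call is as worth an email as a successful key view.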
