Effective Cloud Governance: Leveraging Azure Activity Logs with Power BI

We all generally accept that governance in the cloud is a continuous journey, not a destination. There's no one-size-fits-all solution and depending on the size of your Azure cloud estate, staying on top of things can be challenging even at the best of times.

One way of keeping your finger on the pulse is to closely monitor your Azure Activity Log. This log contains a wealth of information ranging from noise to interesting to actionable data. One could set up alerts for delete and update signals however, that can result in a flood of notifications.

To address this challenge, you could develop a Power Bi report, similar to this one, that pulls in the Azure Activity Log and allows you to group and summarize data by various dimensions. You still need someone to review the report regularly however consuming the data this way makes it a whole lot easier. This by no means replaces the need for setting up alerts for key signals, however it does give you a great view of what's happened in your environment.

If you're interested, this is the KQL query I'm using in Power Bi

let start_time = ago(24h);
let end_time = now();
AzureActivity
| where TimeGenerated > start_time and TimeGenerated < end_time
| where OperationNameValue contains 'WRITE' or OperationNameValue contains 'DELETE'
| project
    TimeGenerated,
    Properties_d.resource,
    ResourceGroup,
    OperationNameValue,
    Authorization_d.scope,
    Authorization_d.action,
    Caller,
    CallerIpAddress,
    ActivityStatusValue
| order by TimeGenerated asc