Logging and monitoring

Missing Alert for Policy Assignment Deleting

Risk Level

Informational (4)

Compliance Frameworks


Monitoring for delete policy assignment events gives insight into changes done in 'azure policy - assignments' and can reduce the time it takes to detect unsolicited changes.
  • Recommended Mitigation

    Under Monitor -> Alerts, create an alert for 'Microsoft.Authorization/policyAssignments/delete'