Azure Enterprise Cloud Platform: Global, Available in 46 Regions, 8 Announced

http://azureplatform.azurewebsites.net/ * Preview Services

Global Enterprise Cloud Platform Available in 46 regions (+ 8 announced = 54) across 140 countries

Azure Activity Log • https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-logs-overview#export-the-activity-log-with-log-profiles • “The Activity Log does not include read (GET) operations or operations for resources that use the Classic/"RDFE" model.” @codingoutloud

Event Grid • https://docs.microsoft.com/en-us/azure/event-grid/delivery-and-retry • https://docs.microsoft.com/en-us/azure/event-grid/event-schema-resource-groups

Parse JSON • "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "azureblockhead@gmail.com", • https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-azure-functions

Wire EventGrid to an Azure Subscription • https://docs.microsoft.com/en-us/azure/event-grid/event-sources

https://portal.azure.com/#blade/Microsoft_Azure_ActivityLog/ActivityLogBladehttps://portal.azure.com/#blade/Microsoft_Azure_ActivityLog/ActivityLogBlade • { • "authorization": { • "action": "Microsoft.Storage/storageAccounts/blobServices/write", • "scope": "/subscriptions/78262ac9-3139-45aa-bf7d-fac56ce57c4f/resourcegroups/whoaz/providers/Microsoft.Storage/storageAccounts/disposablelikezblobby/blobServices/default" • }, • "caller": "azureblockhead@gmail.com",

FILTERS • Microsoft.Resources/deployments • Success • "category": { • "value": "Administrative", • "authorization": { • "action": "Microsoft.Advisor/register/action” • "action": "…/write”

{ • "authorization": { • "action": "Microsoft.Advisor/register/action", • "scope": "/subscriptions/78262ac9-3139-45aa-bf7d-fac56ce57c4f" • }, • "caller": "azureblockhead@gmail.com", • "channels": "Operation", • "claims": { • "aud": "https://management.core.windows.net/", • "iss": "https://sts.windows.net/6d45d5f0-f09b-4cab-aceb-3b3d998e24d8/", • "iat": "1556318865", • "nbf": "1556318865", • "exp": "1556322765", • "http://schemas.microsoft.com/claims/authnclassreference": "1", • "aio": "AUQAu/8LAAAAyfil/s0KOmfjqfZFN97Z7eXCosUny49IEiWD5HeU8J7JwXEIi9D8lS/bkXP3fk4qGNSwX37lxa9H/NIj1MwJUw==", • "altsecid": "1:live.com:00034001192496B8", • "http://schemas.microsoft.com/claims/authnmethodsreferences": "pwd", • "appid": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", • "appidacr": "2", • "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "azureblockhead@gmail.com", • "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "Blockhead", • "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "Azure", • "groups": "fe9bfa9b-13b1-45dc-a60d-2a1ded625df7", • "http://schemas.microsoft.com/identity/claims/identityprovider": "live.com", • "ipaddr": "108.7.76.74", • "name": "Azure Blockhead", • "http://schemas.microsoft.com/identity/claims/objectidentifier": "25043ccf-2105-4701-b546-1b406565cc45", • "puid": "1003200045E6C2B0", • "http://schemas.microsoft.com/identity/claims/scope": "user_impersonation", • "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "kp1IsDLo8lmPKqUiS7y87hOAlXvGIIvmGAns_mNmB-o", • "http://schemas.microsoft.com/identity/claims/tenantid": "6d45d5f0-f09b-4cab-aceb-3b3d998e24d8", • "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "live.com#azureblockhead@gmail.com", • "uti": "_7DfqDe8vEaPE3rYHVk4AA", • "ver": "1.0", • "wids": "62e90394-69f5-4237-9190-012177145e10" • }, • "correlationId": "52bb68b0-691f-454a-b04f-4fa311a96a51", • "description": "", • "eventDataId": "63c9a7d2-8cd2-406f-b38a-7c236dd3401d", • "eventName": { • "value": "EndRequest", • "localizedValue": "End request" • }, • "category": { • "value": "Administrative", • "localizedValue": "Administrative" • }, • "eventTimestamp": "2019-04-26T22:56:41.3097106Z", • "id": "/subscriptions/78262ac9-3139-45aa-bf7d-fac56ce57c4f/providers/Microsoft.Advisor/events/63c9a7d2-8cd2-406f-b38a-7c236dd3401d/ticks/636919162013097106", • "level": "Informational", • "operationId": "52bb68b0-691f-454a-b04f-4fa311a96a51", • "operationName": { • "value": "Microsoft.Advisor/register/action", • "localizedValue": "Register with the Provider" • }, • "resourceGroupName": "", • "resourceProviderName": { • "value": "Microsoft.Advisor", • "localizedValue": "Microsoft.Advisor" • }, • "resourceType": { • "value": "", • "localizedValue": "" • }, • "resourceId": "/subscriptions/78262ac9-3139-45aa-bf7d-fac56ce57c4f/providers/Microsoft.Advisor", • "status": { • "value": "Succeeded", • "localizedValue": "Succeeded" • }, • "subStatus": { • "value": "OK", • "localizedValue": "OK (HTTP Status Code: 200)" • }, • "submissionTimestamp": "2019-04-26T22:57:07.0956218Z", • "subscriptionId": "78262ac9-3139-45aa-bf7d-fac56ce57c4f", • "properties": { • "statusCode": "OK", • "serviceRequestId": null • }, • "relatedEvents": [] • }

Who Moved My Azure? • “The activity log contains all write operations (PUT, POST, DELETE) performed on your resources. It doesn't include read operations (GET). For a list of resource actions, see Azure Resource Manager Resource Provider operations. You can use the audit logs to find an error when troubleshooting or to monitor how a user in your organization modified a resource.” • https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-audit @codingoutloud

Event Grid tap by Azure Function • https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-event-grid • DIAGRAM from:https://docs.microsoft.com/en-us/azure/event-grid/overview#event-sources

Questions?

Questions? See you at Boston Azure bostonazure.org Find this slide deck here Bill Wilder@codingoutloud codingoutloud@gmail.com blog.codingoutloud.com linkedin.com/in/billwilder

Azure Enterprise Cloud Platform: Global, Available in 46 Regions, 8 Announced