I have a compliance and audit scenario, where I need to archive Azure Activity Logs (Categories; Administrative, Security and Policy ...at a minimum).
The archive will extend and take me past the build-in 90 days retention in Azure (I will probably need a 5 year retention). I don't think this a unique scenario, yet I can't seem find any information on how other Azure customers or Microsoft accomplish' this - in an Enterprise setup, on a global scale.
Here is what I have tried...
Azure Log Analytics: Using LA as an archive is extremely expensive in my scenario!
Azure Storage (hot): Automatic logging to Azure storage is just plain expensive
Azure Storage (hot -> archive) lifecycle management: Not possible, due to the LA origin is an append blob vs the archive block blob target
Ship all to local storage: Abandoned due to high traffic egress costs
...so I am moving on to my next try which is a variation over 2.)
This is going to be a solution were I deploy a small VM in each region, where I have Azure resources running.
The VM will contain a script that, downloads the last 90 days append blobs and convert the Activity Logs to block blob and write them to Azure Storage (archive) in the same region as the source storage account, and deletes the source append blobs.
An Azure Automation script will start the VM every 90 days and execute the script and shut it down again once the task is complete
This will get my archive on to the most cost efficient storage, while at the same time making sure that any data transport is not egressing.
Okay, so that is what I am going to do - does it sound reasonable? ...but more importantly; is there really no other Azure using enterprise in the World, that has a practice I can copy? ..Microsoft?