![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 94%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYF%3C/text%3E%3C/svg%3E)
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
797 questions
Hi anonymous user,
Yes, there is a way to see who has changed a policy definition or assignment with the help of Activity logs. Below are the actions under which such changes are logged.
- Action for change in policy definition - Microsoft.Authorization/policyDefinitions/write
- Action for change in policy assignment - Microsoft.Authorization/policyAssignments/write
For testing purpose, I have changed the names of both definition and assignment and could see those changes being tracked under activity log's properties.requestbody attribute.
You can create alerts by sending activity logs to Log Analytics workspace in two ways i.e., via Activity logs diagnostics settings or via legacy method and then you can configure log alert with the help of AzureActivity table.
Activity logs diagnostics settings way:
Legacy way:
Sample kusto query using AzureActivity table to just fetch policy definition write operations for a particular policy definition and done by a particular caller:
Related reference:
Azure resource provider operations