My customer wants to know if we are able to audit whether anybody is modifying their backups or not. If one of their admins goes rogue and decides to delete one or some of their backups, is there an audit trail that will show who did it? I honestly don't know where to go to determine this or to determine whether we have this set up properly or not, and after several searches I am only further confused about how exactly I should have this configured in my environment. I am using native Azure backups to back up their VMs on a nightly basis. Nothing fancy. I read something about this having to be configured at the storage account, but there are many storage accounts. Do I have to set this up at every storage account? The auditing? Or is there a central storage account monitoring I can set up and configure for all of their backups? A centralized auditing system? Perhaps 1 per subscription?
Thanks in advance for your direction on this.
Matt