Ensure that logging for Azure Key Vault is 'Enabled'
Why This Matters
Azure Key Vault stores highly sensitive data including secrets, keys, and certificates. Without audit logging enabled, you lose visibility into who accesses these resources and when, making it impossible to detect unauthorized access or investigate security incidents. Enabling diagnostic logging creates an immutable audit trail that is essential for compliance, forensics, and threat detection.
What Aether365 Checks
Aether365 verifies that diagnostic settings are enabled for each Azure Key Vault instance in your subscription. This check appears in the Aether365 dashboard under the azure-diagnostic-settings category and confirms that AuditEvent logs are being collected.
How to Fix
To enable diagnostic logging for Azure Key Vault from the Azure Portal: