Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it

Why This Matters

Resource logging captures activity in the data plane of Azure services, while the Activity log only tracks control plane events at the subscription level. Without enabling resource logs, you lose visibility into which entities accessed sensitive resources like Key Vaults, databases, or storage accounts, making it impossible to detect reconnaissance or unauthorized access attempts. Given that the average time to detect a breach is 240 days, you must retain these logs for at least two years to support forensic investigations and compliance requirements.

What Aether365 Checks

This check verifies that Azure Monitor resource logging is enabled and retained for at least two years for all supported Azure services. It appears in the Aether365 dashboard under the azure-diagnostic-settings category and identifies resources that are missing diagnostic settings or have insufficient retention periods.
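The same two conditions (missing diagnostic settings, insufficient retention) can be evaluated over an exported inventory. The following is an added example, not Aether365's own code: it assumes "two years" means 730 days and that each resource's settings follow the `logs` / `retentionPolicy` shape of Azure diagnostic settings. The resource names and the inventory are constructed, and retention configured on a Log Analytics workspace is not modelled, so such resources are reported as `RETENTION_NOT_SET` for manual review.

```python
import math

MIN_DAYS = 730  # assumption: "two years" taken as 730 days

# Constructed inventory: resource name -> its diagnostic settings (sample data).
INVENTORY = {
    "kv-prod": [{"name": "to-archive", "logs": [
        {"category": "AuditEvent", "enabled": True,
         "retentionPolicy": {"enabled": True, "days": 0}}]}],
    "sql-prod": [{"name": "to-archive", "logs": [
        {"category": "SQLSecurityAuditEvents", "enabled": True,
         "retentionPolicy": {"enabled": True, "days": 90}}]}],
    "st-logs": [{"name": "unused", "logs": [
        {"category": "StorageRead", "enabled": False,
         "retentionPolicy": {"enabled": False, "days": 0}}]}],
    "appgw-edge": [],  # no diagnostic setting at all
    "kv-dev": [{"name": "to-workspace", "logs": [
        {"category": "AuditEvent", "enabled": True}]}],
}

def retention_days(log):
    """Days kept by this entry's own policy, or None if no policy is enforced here."""
    policy = log.get("retentionPolicy") or {}
    if not policy.get("enabled"):
        return None
    days = policy.get("days", 0)
    return math.inf if days == 0 else days  # 0 means keep indefinitely

def evaluate(settings):
    """Classify one resource; every enabled log category must meet MIN_DAYS."""
    if not settings:
        return "MISSING_DIAGNOSTIC_SETTINGS"
    enabled = [log for s in settings for log in s.get("logs", []) if log.get("enabled")]
    if not enabled:
        return "NO_LOG_CATEGORY_ENABLED"
    kept = [retention_days(log) for log in enabled]
    if any(d is None for d in kept):
        return "RETENTION_NOT_SET"
    if min(kept) < MIN_DAYS:
        return "RETENTION_TOO_SHORT"
    return "OK"

def audit(inventory):
    return {name: evaluate(settings) for name, settings in inventory.items()}

if __name__ == "__main__":
    for name, finding in audit(INVENTORY).items():
        print(f"{name:12} {finding}")
```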

Microsoft references
