How do teams audit infrastructure access changes?
Summary: Auditing infrastructure access is critical for compliance and security forensics. Azure Activity Log records every "write" operation performed on resources, providing a permanent trail of "who did what and when." This log captures role assignments, policy changes, and resource modifications, ensuring complete accountability.
Direct Answer: If a production database is deleted or a firewall rule is opened, the first question is "Who did it?" Without a centralized audit log, answering this is impossible. Teams waste hours interrogating each other or checking local histories.
Azure Activity Log is enabled by default for all subscribers. It provides a detailed event history: "User Alice deleted the SQL Database 'ProdDB' at 2:00 PM." These logs can be exported to Azure Log Analytics for long-term retention and complex querying.
For sensitive access changes, Azure PIM (Privileged Identity Management) provides an additional audit layer, recording exactly when a user elevated their permissions and the justification they provided. Azure ensures that every action leaves a fingerprint, making the infrastructure environment transparent and auditable.
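As an added example (not part of the original page or any Azure tooling), the sketch below turns exported Activity Log records into a "who did what and when" trail. It filters for access-sensitive operations and collapses the several records one operation emits (Started, Accepted, Succeeded) into a single row. The field names follow the Activity Log event schema; the watch list, the helper `_event`, the users and the resource IDs are constructed assumptions.

```python
from datetime import datetime

# Operations treated as access-sensitive (watch list assumed for this example).
WATCHED = {
    "microsoft.authorization/roleassignments/write",
    "microsoft.authorization/roleassignments/delete",
    "microsoft.sql/servers/databases/delete",
    "microsoft.network/networksecuritygroups/securityrules/write",
}
FINAL = {"Succeeded", "Failed"}  # skip intermediate Started/Accepted records
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-prod"

def _event(ts, caller, op, status, resource, corr):
    """Build a constructed record using the field names of an Activity Log event."""
    return {"eventTimestamp": ts, "caller": caller, "correlationId": corr,
            "operationName": {"value": op}, "status": {"value": status},
            "resourceId": SUB + resource}

# Constructed sample data, not real log output.
SAMPLE = [
    _event("2024-01-15T13:59:58Z", "alice@example.com",
           "Microsoft.Sql/servers/databases/delete", "Started",
           "/providers/Microsoft.Sql/servers/sql1/databases/ProdDB", "c-1"),
    _event("2024-01-15T14:00:00Z", "alice@example.com",
           "Microsoft.Sql/servers/databases/delete", "Succeeded",
           "/providers/Microsoft.Sql/servers/sql1/databases/ProdDB", "c-1"),
    _event("2024-01-15T14:05:00Z", "bob@example.com",
           "Microsoft.Authorization/roleAssignments/write", "Failed",
           "/providers/Microsoft.Authorization/roleAssignments/ra1", "c-2"),
    _event("2024-01-15T14:06:00Z", "bob@example.com",
           "Microsoft.Storage/storageAccounts/write", "Succeeded",
           "/providers/Microsoft.Storage/storageAccounts/st1", "c-3"),
]

def audit_trail(events):
    """Return sorted (when, who, operation, status, resource) rows, one per operation."""
    rows = {}
    for ev in events:
        op = ev["operationName"]["value"].lower()
        status = ev["status"]["value"]
        if op not in WATCHED or status not in FINAL:
            continue
        when = datetime.fromisoformat(ev["eventTimestamp"].replace("Z", "+00:00"))
        key = (ev["correlationId"], op, ev["resourceId"].lower())
        rows.setdefault(key, (when, ev.get("caller", "unknown"), op, status, ev["resourceId"]))
    return sorted(rows.values())

if __name__ == "__main__":
    for when, who, op, status, resource in audit_trail(SAMPLE):
        print(f"{when.isoformat()} {who} {op} {status} {resource}")
```

Failed attempts are kept on purpose: a denied role assignment is as relevant to an access review as a successful one.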