Is audit logging possible on Azure Bastion Developer tier?
We have just started to use Azure Bastion with the free Developer tier. We use it to securely connect to a VM that runs in a private vNet. This all works perfectly fine and we can connect to the VM just fine.
However, I would like to find a way to be able to find who connected to the VM, and when.
I have tried to enable Diagnostic Settings as in the screenshot below. But nothing appears in the Log Analytics Workspace that I link to it or the Storage Account that I link to it.
Is it simply not possible? I have not been able to find in the documentation that it is not possible, but I suspect it might be. Again, I'm asking for Developer tier.
Thanks in advance.
AFAIK, The bastion Developer tier is not supporting Bastion Audit Logs to check the detailed logs about who connected and when.
Initially, I tried using the Bastion Developer tier and enabled boot diagnostics with a Log Analytics workspace to check the logs for who connected and when. I performed activities such as connecting to and disconnecting from the virtual machine multiple times using the Bastion service to record the activity.
But unfortunately, I'm unable to see the logs in the Azure Log Analytics workspace.
Then, I upgraded my Bastion service to the 'Basic' tier by navigating to the configuration of Bastion.
After that, I enabled boot diagnostics in the Bastion service and selected the Log Analytics workspace. I performed activities like connecting to the Virtual Machine using the Bastion service, waited for some time, and checked the logs in the Log Analytics workspace. I was able to see information about who connected and when. I used the below Kusto query to fetch the details.
MicrosoftAzureBastionAuditLogs
| where OperationName == "Microsoft.Network/BastionHost/connect"
| project Time,OperationName,UserName,ClientIpAddress,UserEmail,Message
Output:
- Azure Functions with docker: How change port?
- How do I persist logs from a Dockerized .NET Core app in Azure DevOps and save them as artifacts?
- Azure - How to update the password profile of a user in Azure AD B2C using the Microsoft Graph API?
- How can I upload an image to Azure from an Azure Function with a BlobTrigger
- How can I see which mechanism granted the user the ability to activate roles via Azure Privileged Identity Management (PIM)
- How to resolve an "Invalid operands found for operator -eq" error in Microsoft Entra ID PowerShell code
- You don’t appear to have an active Azure subscription when creating new Kubernetes service connection in Azure DevOps
- Azure Application Insights JavaScript SDK loader script security
- How to fix 'Unable to Obtain Authentication Token' in Active Directory Authentication to Azure Analysis Server
- Can one use DPO (direct preference optimization) of GPT via CLI or Python on Azure?
- azure function via terraform: how to connect to service bus
- Azure WebJob is failing after some period of time on Linux plan
- Retry policy on blob leasing
- Azure auth for Outlook Graph API
- Copying storage data from one Azure account to another
- Windows Azure SDK for Node.js SQL Azure Provider
- Pipeline for stored procedure dedicated sql pool
- Webpack @azure/storage-blob node-fetch AbortSignal issue
- What is the Azure equivalent of GCP's Cloud Run?
- How stop execution of a stored procedure if the client closes the connection in SQL Azure database?
- How do you start parallel instances of 1 durable function via HTTP Post?
- Referencing Azure Key Vault secrets from CI/CD YAML
- Azure Function App (Node.js): deployed functions don’t show up in Portal after remote build
- AKS-extension Deployment failed because used version was not found
- Broken while-loop on evaluation of azure commands in Bash Script
- Semantic Kernel OpenAIAssistantAgent GroupChat InvokeStreamingAsync NullReferenceException in swedencentral
- How to get list of Planner Plans via Microsoft Graph similar to My Plans web page?
- Managed Devops pool quota issue
- Connect-ExchangeOnline -ManagedIdentity -Organization will raise this error " The role assigned to application ** isn't supported in this scenario"
- Azure Container Apps Jobs with Event Hubs integration is looping endlessly, even though there is no new events