Azure Activity Log

Overview

Azure Activity Log and Mindflow have partnered to enable users to automate their incident management and better protect their information systems.

Azure Activity Log Overview

Azure Activity Log is a platform log in Azure that provides insight into subscription-level events. It records events such as the modification of a resource or the start of a virtual machine.

You can view the Activity Log in the Azure portal or retrieve entries with PowerShell and the CLI. You can analyze the logs of all your Azure resources together and export relevant data to Azure Monitor Logs for further analysis: correlate Activity Log data with other monitoring data collected by Azure Monitor, consolidate entries from multiple subscriptions and tenants into one panel, or perform more advanced analysis with log queries and log alerts.

For some events, Change history is available. It shows what changes happened at the time of that event.

Azure Activity Log events are retained in Azure for 90 days and then deleted, regardless of the volume stored. For a longer retention time, data can be exported to Azure Storage.

Finally, you can stream your Activity Log to Azure Event Hubs to send entries outside of Azure as JSON. You can then ingest the relevant data into a third-party SIEM or another log analytics solution.
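The following added example, which is not Azure or Mindflow code, normalizes one Event Hubs message body into flat events a SIEM could ingest, keeping only the final outcomes of modifying operations and tagging virtual machine starts. The `records` envelope and field names are assumed to follow the Activity Log export schema; the sample message and the `normalize` function are constructed for illustration.

```python
import json

VM_START = "MICROSOFT.COMPUTE/VIRTUALMACHINES/START/ACTION"
CHANGE_SUFFIXES = ("/WRITE", "/DELETE", "/ACTION")
FINAL_RESULTS = {"SUCCESS", "FAILURE"}  # interim "Start"/"Accept" records are skipped

def _sample(op, result, category="Administrative"):
    # Builds one constructed record; every value is a placeholder.
    return {"time": "2024-01-15T09:12:03Z", "category": category,
            "operationName": op, "resultType": result,
            "callerIpAddress": "203.0.113.10", "correlationId": "constructed-1",
            "resourceId": "/SUBSCRIPTIONS/EXAMPLE/RESOURCEGROUPS/RG-DEMO"}

# Constructed Event Hubs message body (assumed envelope: {"records": [...]}).
SAMPLE_MESSAGE = json.dumps({"records": [
    _sample(VM_START, "Start"),
    _sample(VM_START, "Success"),
    _sample("MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/WRITE", "Failure"),
    _sample("MICROSOFT.RESOURCEHEALTH/HEALTHEVENT/ACTIVATED/ACTION",
            "Success", "ResourceHealth"),
]})

def normalize(message_body):
    """Turn one Event Hubs message body into a list of flat SIEM events."""
    try:
        records = json.loads(message_body)["records"]
    except (ValueError, TypeError, KeyError):
        return []  # not an Activity Log envelope: drop it, keep the consumer alive
    events = []
    for rec in records if isinstance(records, list) else []:
        if not isinstance(rec, dict) or rec.get("category") != "Administrative":
            continue
        op = str(rec.get("operationName", "")).upper()
        result = str(rec.get("resultType", "")).upper()
        if result not in FINAL_RESULTS or not op.endswith(CHANGE_SUFFIXES):
            continue
        events.append({
            "time": rec.get("time"),
            "kind": "vm_start" if op == VM_START else "resource_change",
            "operation": op,
            "outcome": result.lower(),  # failed attempts are kept on purpose
            "resource": rec.get("resourceId"),
            "source_ip": rec.get("callerIpAddress"),
            "correlation_id": rec.get("correlationId"),
        })
    return events

if __name__ == "__main__":
    for event in normalize(SAMPLE_MESSAGE):
        print(json.dumps(event))
```

Failed write attempts are retained because a denied change to a network security group is often as interesting to an analyst as a successful one.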

Benefits

  • Keep track of any modification to your Azure resources
  • Detect when virtual machines are started in your Azure environment
  • Combine with other Azure tools for advanced analysis
  • Easy export to third-party tools
