How to get the list of Azure Resources at a given time

Question

I'm facing a scenario where I need the azure resources a week - month ago to compare with the resources now (App Service, Database, etc) in order to determine what has changed.

How does one do that? Via the restful api or powershell or any other means.

Thanks.

Answer 1

Azure Portal:

Through activity logs, you can determine:

• what operations were taken on the resources in your subscription

• who initiated the operation (although operations initiated by a backend service do not return a user as the caller)

• when the operation occurred

• the status of the operation

• the values of other properties that might help you research the operation

Azure PowerShell:

To retrieve log entries:

Get-AzureRmLog

To retrieve the operations for a resource group:

Get-AzureRmLog -ResourceGroup myResourceGroup

Azure CLI:

To retrieve log entries:

az monitor activity-log list 

To retrieve the operations for a resource group:

az monitor activity-log list --resource-group <group name>

REST API:

The REST operations for working with the activity log are part of the Insights REST API. To retrieve activity log events, see List the management events in a subscription.

For more details, refer “View activity log to audit actions on resources”.

Note: Activity Log blade the "Event Initiated By" column will have the user name that initiated the request. Get-AzureRMLog will also work and you'll want to pay attention to the caller property. The likely reason you are seeing this as a blank entry is that they are fabric initiated events, instead of events initiated by a unique user. If you want to search for a particular caller, use the -StartTime and -Caller parameters.

Archive the Azure Activity Log: Unless you archive your logs to a storage account, retention is 90 days, so ensure you're searching for an activity that has happened in the past 90 days.