![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 12%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
674 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 1%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Hi Arulkumar Kasilingam I want to help you with this question.
When I understand you right, you want to know which Identity in Azure did an edit/delete action on azure firewall rules.
You can find this out in the Azure activity logs. It logs every change event in the Azure resource manager.
Azure Activity Logs are retained for 90 days by default. You can access these logs in several places:
- Azure Portal: Navigate to the “Activity Log” section under “Monitor” to view and filter logs.
- Azure CLI: Use commands like
az monitor activity-log listto retrieve logs. - PowerShell: Use cmdlets such as
Get-AzActivityLog. - Azure Monitor REST API: Programmatically access logs using the API.
If you need to retain logs for longer than 90 days, you can export them to an Azure Storage account, Log Analytics workspace, or Event Hub for extended retention and analysis.
Here you can find more details about the feature:
https://video2.skills-academy.com/en-us/azure/azure-monitor/data-sources
If the reply was helpful, please don’t forget to upvote or accept it as an answer, thank you!