Maintained with ☕️ by
IcePanel logo

Log search alert rules using linked storage will require using a managed identity staring July 2024



As of today, when defining a log search alert rule with linked storage, it is not required to explicitly grant permissions to the storage account itself. **Starting July 2024, alert rules using linked storage will require a managed identity to access the linked storage. This requirement will be enforced on alert rules created with API version 2023-12-01 or newer. Creating or updating linked storage rules using an older API version will be blocked.** This change will be rolled out in two phases: 1. July 2024 –log search alert rules requiring linked storage will be blocked for updates using API versions older than 2023-12-01\. Same applies for creation of new rules requiring linked storage. Use API version 2023-12-01 or newer to update your existing rules or create new rules to use workspace linked storage and define managed identity access. 2. September 2024 - all log search alert rules using linked storage that do not use a managed identity will break and stop evaluating. You can use managed identities in log search alert rules using either of these two options: * System assigned managed identity: Azure creates a new, dedicated identity for this alert rule. Since the identity doesn’t have permission to the linked storage, we won't be able to save the query in the linked storage, therefore System assigned managed identity with Linked storage is not supported. * User assigned managed identity: Before you create the alert rule, you [create an identity]( and assign it read permissions for the linked storage in addition to the rule itself. You can use the same identity in multiple alert rules. **Next steps:** * **[How to define linked storage with CMK](** **?** * **[Managed identities for Azure resources](** * **[Configure Managed Identity in Log Search Alert Rule](** * Alerts * Compliance * Features * Security