Make the $logs container read only
We need to be sure that all audit logs are there and can not be modified/deleted. Now it is possible to delete audit log files from the $logs folder.
Thank you for your feedback. Providing immutable logging is on our backlog but there is no ETA we can share at this time. We will provide updates when they become available. For any further questions, or to discuss your specific scenario, send us an email at firstname.lastname@example.org.
I tried to make my logs immutable like this:
Set-AzRmStorageContainerImmutabilityPolicy -ResourceGroupName 'xxxxxxx' -StorageAccountName 'xxxxxx' -ContainerName '$logs' -ImmutabilityPeriod 1 #1 day
This works fine on other containers, but I get this for $logs:
"Set-AzRmStorageContainerImmutabilityPolicy : The account being accessed
does not have sufficient permissions to execute this operation."
What permissions do I need to make $logs immutable?