Microsoft implements this Audit and Accountability control
Name/Id: ACF1104 / Microsoft Managed Control 1104 Category: Audit and Accountability Title: Audit Events - Rational for Adequacy Ownership: Customer, Microsoft Description: The organization: Provides a rationale for why the auditable events are deemed to be adequate to support after-the-fact investigations of security incidents; and Requirements: Designated Azure personnel select which auditable events are to be audited, and Azure assets generate such audit records which enable Azure Security to support after-the-fact investigations of security incidents. The Security Response Team is involved in determining which events should be audited to support the incident management process and it has been determined that the selected events are sufficient to support the after-the-fact investigations of security incidents. Azure performs a review of the events to be audited within Azure at least annually, using several sources of input including security architects, incident management personnel, security analysts, and system operators, to determine that the list of auditable events is adequate to support after-the-fact investigations of security incidents.
Rule resource types
IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups