Azure Resource Changes Report

Azure resources are the fundamental components or individual services, such as virtual machines, databases, storage accounts, and networks, that are used to build and operate cloud-based solutions. It is very essential to monitor changes to these resources, as unauthorized modifications can lead to service disruptions, security issues, or cost overruns if left unnoticed. This report provides a comprehensive view of resource changes, grouped by type, identity, resource group, and event. It enables proactive detection of unauthorized activities, misconfigurations, or malicious actions. Additionally, the report helps drill down into the details of each modification, thereby ensuring visibility, security, and compliance within the cloud environment.

To generate the Azure Resource Changes report, do the following:

  1. Follow the menu sequence: REPORTS BY FUNCTION -> Domain-specific Reports -> Microsost Azure -> Azure Resource Changes in the eG Reporter interface.

  2. Figure 1will then appear. Pick a criterion for analysis from the Analyze by list. Using this report, you can analyze the configuration or state changes to Azure resources that are part of a zone. The options provided by the Analyze by list box are discussed hereunder:

    • Component: Select this option to choose the component(s) from across all the managed components in the environment.

    • Zone: Pick this option if the components chosen are part of a zone. Then, choose a Zone. Also, indicate whether the components within the sub-zones of the chosen zone are also to be considered for report generation, by selecting an option from the Include Subzone list.

      Figure 1 : Selecting the criteria for the Azure Resource Changes report

  3. Select the Component Type for which you wish to analyze the resource changes.

  4. The Components list will then be populated with the servers that match the Analyze By criteria specified earlier. From this list, select the components for which the report is to be generated.

  5. Then, specify the Timeline for the report. You can either provide a fixed time line such as 1 hour, 2 days, etc., or select the Any option from the list to provide a From and To date/time for report generation.

    Note:

    For every user registered with the eG Enterprise system, the administrator can indicate the maximum timeline for which that user can generate a report. Once the maximum timeline is set for a user, then, whenever that user logs into eG Reporter and attempts to generate a report, the Timeline list box in the report page will display options according to the maximum timeline setting of that user. For instance, if a user can generate a report for a maximum period of 3 days only, then 3 days will be the highest option displayed in the Timeline list - i.e., 3 days will be the last option in the fixed Timeline list. Similarly, if the user chooses the Any option from the Timeline list and proceeds to provide a start date and end date for report generation using the From and To specifications, eG Enterprise will first check if the user’s Timeline specification conforms to his/her maximum timeline setting. If not, report generation will fail. For instance, for a user who is allowed to generate reports spanning over a maximum period of 3 days only, the difference between the From and To dates should never be over 3 days. If it is, then, upon clicking the Run Report button a message box will appear, prompting the user to change the From and To specification.

  6. In addition to the settings discussed above, this report comes with a set of default specifications. These settings are hidden by default. If you do not want to disturb these default settings, then you can proceed to generate the report by clicking the Run Report button soon after you pick the criteria for generating the report. However, if you want to view and then alter these settings (if required), click on the button. The default settings will then appear in the More Options drop down window (see Figure 2). The steps below discuss each of these settings and how they can be customized.

    Figure 2 : The default settings for generating the Azure Resource Changes report

  7. Specify the start time and end time for report generation against the Time period field (see Figure 2).

  8. eG Enterprise allows users to generate desired reports for a specific time period. In large environments, while generating reports for long time periods, say a few weeks to months, report generation was found to slow down, owing to the large volume of data being processed. If users needed to generate many such reports quickly, the slowdown compelled them to generate these reports one after another, thus affecting the speed of their operations, and consequently, their productivity. eG Enterprise now includes a background processing feature that will enable users to process multiple reports, spanning long time periods in the background, while allowing them the bandwidth to generate short-term reports in the foreground. This way, users can generate multiple reports with little-to-no loss of time. To schedule background processing of a report, select the Background Save - PDF option from the Report Generation list. In this case, a Report Name text box will appear, where you would have to provide the name with which the report is to be saved in the background. To process reports in the foreground, select the Foreground Generation - HTML option from this list.

    Note:

    • The Report Generation list will appear only if the EnableBackgroundReport flag in the [BACKGROUND_PROCESS] section of the eg_report.ini file (in the {EG_INSTALL_DIR}\manager\config directory) is set to Yes.
    • The default selection in the Report Generation list will change according to the Timeline specified for the report. If the Timeline set is greater than or equal to the number of days specified against the MinDurationForReport parameter in the [BACKGROUND_PROCESS] section of the eg_report.ini file, then the default selection in the Report Generation list will be Background. On the other hand, if the Timeline set for the report is lesser than the value of the MinDurationForReport parameter, then the default selection in the Report Generation list will be Foreground. This is because, the MinDurationForReport setting governs when reports are to be processed in the background. By default, this parameter is set to 2 weeks - this indicates that by default, reports with a timeline of 2 weeks and above will be processed in the background.

  9. Finally, click the Run Report button.

    Figure 3 : The Azure Resource Changes Report showing the details of changes made across resources

  10. The Azure Resource Changes report (see Figure 3) then appears and reveals the following details:

    • The Change Analysis Dashboard provides a detailed view of changes made across resources over a defined period. The Change Trend graph shows the number of changes that occurred over time, helping to identify periods of high activity that may require attention. The Change by Type chart tracks changes based on type, such as system or application-based changes, offering insight into the most frequent types of changes. The Change by Resource Group chart highlights which resource groups have undergone modifications, allowing users to detect groups that are particularly active or potentially misconfigured. The Change by Resources graph pinpoints changes made to individual resources, such as virtual machines, gateways, or network interfaces, helping identify assets that are frequently modified. The Change by Identity chart shows the user or service identities responsible for the changes, assisting in verifying whether the changes are authorized. The Change by Target Resource Type chart displays the types of resources affected, such as network interfaces or virtual machines, helping identify components that are most impacted. Finally, the Change by Event graph categorizes the changes based on actions such as updates, deletions, or creations, providing clear visibility into the intent behind the changes and helping detect any unexpected deletions or unusual patterns.

    • The Resource Change Details section provides a detailed log of individual changes or configurations across resources. It includes key information such as the timestamp of the change, the affected resource and resource group, the identity responsible for the change, the type of resource, and the method used (e.g., ARM Template). This helps in root cause analysis and troubleshooting. It also enables informed decision-making by correlating changes with performance issues using timestamps and resource IDs.

    • Now, when you click on the "+" icon next to the change entry, it expands to show Figure 4. This shows detailed modifications made to the resources, such as specific properties that were changed, along with their old and new values. This provides a clear understanding of what exactly was modified during the change event.

      Figure 4 : Detailed view of resource property changes