Introduction
Monitoring and analyzing data across your cloud resources is a core part of effective cloud management. Azure Log Analytics, part of Azure Monitor, provides a powerful workspace where logs from different services can be centralized, queried, and visualized.
In this hands-on guide, we’ll walk through:
- Creating a security group in Entra ID
- Creating a Log Analytics workspace.
- Configuring data retention and archive policies.
- Enabling access for teams or security groups.
By the end, you’ll know how to set up and manage a Log Analytics workspace to support observability, compliance, and collaboration in your cloud environment.
Skilling Objectives
- Create an Entra ID security group for log readers.
- Create a Log Analytics workspace in Azure.
- Configure data retention and daily cap limits.
- Assign role-based access for secure collaboration.
Step 1: Create App Log Examiners Security Group
💡 Why create a security group?
Before granting access to Log Analytics, it’s a good practice to create an Azure Active Directory (Entra ID) security group. This way, you can manage access for a group of users rather than assigning permissions individually.
Steps:
In the Azure Portal, search for Azure Active Directory (or Entra ID)
From the Default Directory page, select Groups
On the Groups page, click + New Group.
On the New Group page, enter the following values:
| Property | Value |
|---|---|
| Group type | Security |
| Group name | App Log Examiners 1 |
| Group description | App Log Examiners |
- Click Create.
Your security group is now ready to be assigned access to the Log Analytics workspace later in this exercise.
Step 2: Create a Log Analytics Workspace
💡 What is a Log Analytics Workspace?
A Log Analytics workspace is an environment where Azure Monitor stores log data. Think of it as a container for your logs, enabling you to run queries, set alerts, and analyze patterns across your resources.
Steps:
- In the Azure Portal, search for Log Analytics.
Select Log Analytics workspaces from the results.
Click + Create.
On the Basics tab of the wizard, provide the following details:
| Property | Value |
|---|---|
| Subscription | Your subscription |
| Resource Group | rg-alpha |
| Name | LogAnalytics |
| Region | East US |
Click Review + Create, then Create.
Once deployment is complete, go to Resource.
Step 3: Configure Log Analytics Data Retention and Archive Policies
💡 Why configure retention?
Log data can grow quickly. Configuring retention and caps ensures that you store logs for as long as you need them without overspending on unnecessary storage.
Steps:
- Go to your workspace: LogAnalytics.
- In the workspace menu, select Usage and estimated costs.
Under Data Retention, set the slider to 60 days → Click OK.
Again, under Usage and estimated costs, select Daily cap.
Toggle Daily cap = On → Set limit to 10 GB → Click OK.
Step 4: Enable Access to the Log Analytics Workspace
💡 Why role-based access?
Not everyone should have full access to logs. Using Azure Role-Based Access Control (RBAC), you can assign the right roles (e.g., Reader, Contributor) to specific groups or users.
Steps:
- From the workspace LogAnalytics, select Access control (IAM).
Click Add → Add role assignment.
From the list of roles, select Log Analytics Reader → Click Next.
-
On the Members page:
- Click Select members.
- Choose the App Log Examiners security group.
- Click Select.
Click Review + Assign.
Conclusion
In this project, you’ve learned how to:
- Create a Log Analytics workspace.
- Configure log retention and daily usage caps.
- Assign access with role-based controls.
With these skills, you can centralize monitoring data, keep costs under control, and ensure secure collaboration across your team. Log Analytics is a cornerstone of Azure monitoring, enabling you to build a strong foundation for observability, compliance, and proactive issue resolution.
Top comments (0)