Azure activity log tracks occurrences over a variety of services and allows a user to configure many instances a large number of items from reporting to the console. Responsibility to make sure that the correct items are being tracked is placed to the subscription owner, however, Microsoft provides recommendations on which items should be included. As titled above, the
The project owner should record each instance of deletion for record keeping. An attacker may try to delete a project and without this enabled it may go unseen. of the name of the alert received. For example, An activity log alert should exist for Delete Security Solution, The alert Delete Security Solution should be set for Delete Security Solution. There are numerous alerts recommended, and each should be analyzed for potential project discrepancy followed by making it an active alert.
Further detail on Activity Logs is found on in the Microsoft site:
https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log
https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/activity-log-alerts