
Log search alert rules with linked storage will require the use of a managed identity starting July 2024 | Azure Updates


When defining a log search alert rule with linked storage, it is currently not necessary to explicitly grant permissions to the storage account itself.

Starting July 2024, alert rules that use linked storage will require a managed identity to access the linked storage. This requirement will be enforced for alert rules created using API version 2023-12-01 or newer. Creating or updating linked storage rules using an older API version will be blocked.

This change will be introduced in two phases:

  1. July 2024 – Updates to log search alert rules that require linked storage will be blocked for API versions earlier than 2023-12-01. The same applies to creating new rules that require linked storage. Use API version 2023-12-01 or later to update your existing rules or create new rules to use linked storage for the workspace and define access to managed identities.
  2. September 2024 – All log search alert rules that use linked storage and do not use a managed identity will be paused and evaluation will stop.

You can use managed identities in log search alert rules with one of the following two options:

  • System-assigned managed identity: Azure creates a new, dedicated identity for this alert rule. Because the identity does not have permission to the linked storage, we cannot store the query in the linked storage. Therefore, system-assigned managed identity with linked storage is not supported.
  • User-assigned managed identity: Before you create the alert rule, create an identity and assign it read permissions to the linked storage in addition to the rule itself. You can use the same identity in multiple alert rules.
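To find the rules the September 2024 phase would pause, the sketch below classifies exported alert rule definitions by their identity configuration. It is an added example, not code from the Azure announcement; it assumes the rules are exported as ARM-style JSON in which `properties.checkWorkspaceAlertsStorageConfigured` marks a rule that uses linked storage and `identity.type` holds the identity kind, and the sample rules and the placeholder identity resource ID are constructed.

```python
# Assumed ARM resource shape for Microsoft.Insights/scheduledQueryRules:
#   properties.checkWorkspaceAlertsStorageConfigured -> rule uses linked storage
#   identity.type -> "None" | "SystemAssigned" | "UserAssigned"
UAMI_ID = ("/subscriptions/<subscription-id>/resourceGroups/<rg>/providers/"
           "Microsoft.ManagedIdentity/userAssignedIdentities/<identity-name>")

# Constructed sample export (not real rules).
SAMPLE_RULES = [
    {"name": "rule-no-linked-storage",
     "properties": {"checkWorkspaceAlertsStorageConfigured": False}},
    {"name": "rule-linked-no-identity",
     "properties": {"checkWorkspaceAlertsStorageConfigured": True}},
    {"name": "rule-linked-system-identity",
     "identity": {"type": "SystemAssigned"},
     "properties": {"checkWorkspaceAlertsStorageConfigured": True}},
    {"name": "rule-linked-user-identity",
     "identity": {"type": "UserAssigned",
                  "userAssignedIdentities": {UAMI_ID: {}}},
     "properties": {"checkWorkspaceAlertsStorageConfigured": True}},
]


def classify(rule):
    """Return the migration status of one exported alert rule."""
    props = rule.get("properties") or {}
    if not props.get("checkWorkspaceAlertsStorageConfigured", False):
        return "not-affected"            # rule does not use linked storage
    identity = rule.get("identity") or {}
    id_type = (identity.get("type") or "None").lower()
    if id_type == "userassigned" and identity.get("userAssignedIdentities"):
        return "ok"                      # still needs read access on the storage
    if id_type == "systemassigned":
        return "unsupported-system-assigned"
    return "missing-identity"            # would be paused in September 2024


def audit(rules):
    """Map each rule name to its status."""
    return {rule["name"]: classify(rule) for rule in rules}


if __name__ == "__main__":
    for name, status in audit(SAMPLE_RULES).items():
        print(f"{status:28} {name}")
```

A status of `ok` only confirms that a user-assigned identity is attached; whether that identity has read permissions on the linked storage account must be checked separately.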

Next Steps: