Insight Tech APAC Blog Logo

The new Change Analysis Preview feature

stephentulp
May 19, 2024

3 minutes to read

Background

For anyone that has been responsible for managing an Azure environment will know that understanding what was done, who did it, when they did it and how they did it is paramount to operations. The Azure portal has a Change Analysis feature that provides visibility into changes across subscriptions and Resource Groups and while it does provide some value, it had some limitations around the filtering, how changes are categorized and only being able to go back 14 days, which was probably the biggest drawback.

Good news is that a new Change Analysis feature is available in the Azure portal that addresses some of these challenges and improves the user experience at the same time.

/Change Analysis

[!IMPORTANT]
The new Change Analysis experience is currently in preview and accessible in the portal here

Change Analysis Preview Overview

Change Analysis Preview uses Resource Graph and automatically collects snapshots of change data for all Azure resources to provides data for various management and troubleshooting scenarios that is accessible from the azure Portal. The previous version used Azure Monitor, however the Microsoft.ChangeAnalysis resource provider had many limitations hence the move to using Azure Resource Graph.

What is new?

Some of the new functionality that is part of the public preview include the ability to view changes that are happening on your resources in the Azure Portal.

  • Filter between Creates/Updates/Deletes, Subscriptions, Resource Groups, Time Span.
  • Group by Subscription, Resource Group, Type, Resource, Change Type, Client Type, Changed By, Operation, Changed By Type and Correlation ID.
  • Change Actor to understand who made the change and how a change was made.

In Action

The overview page with a summary of all the Resource Creates, Updates and Deletes based on the filters that are defined above them.

/Change Analysis Preview

We can get very specific based on the filters

/Change Analysis Filter

If we look at the last 2 columns we can see who initiated the change and what performed the change. You can see my identity creating Private Endpoints using Powershell and the associated NICs that were generated by the platform automatically hence the System value and being classified as Unspecified

[!TIP] There are quite a few filtering options available;

  • Subscription: This filter is in-sync with the Azure portal subscription selector. It supports multiple-subscription selection.
  • Resource Group: Select the resource group to scope to all resources within that group. By default, all resource groups are selected.
  • Time Span: Limit results to resources changed within a certain time range.
  • Change Types: Types of changes made to resources.
  • Resource Types: Search for resources by their resource type, like virtual machine.
  • Resources: Filter results based on their resource name.
  • Correlation IDs: Filter resource results by the operation’s unique identifier.
  • Changed By Types: Filter resource changes based on the descriptor of who made the change.
  • Client Types: Filter results based on how the change is initiated and performed.
  • Operations: Filter resources based on their resource provider operations.
  • Changed By: Filter the resource changes by who made the change.

If we click on the Open Query icon we can see the underlying KQL statement.

/Change Analysis KQL

You can then manipulate the KQL query and customize it to your specific needs and save them for later.

Conclusion

Whilst still in preview, the new Change Analysis feature provides greater visibility into the creation, deletion and updating of Azure resources within the Azure Portal. The integration with Azure Resource Graph and KQL makes it easier to setup specific filtering and queries based on what you want to see.