Skip to main content
Purging Records from Log Analytics / Application Insights for GDPR compliance
  1. Posts/

Purging Records from Log Analytics / Application Insights for GDPR compliance

·403 words·2 mins
Christoph Petersen
Author
Christoph Petersen
Table of Contents
Photo by Samuel Zeller on Unsplash

Since Friday May 25th 2018 the General Data Protection Regulation (GDPR) took effect across Europe. It governs how data should be processed and provides extensive rights to the person which data is used.

One of these rights is the right to erasure (“right to be forgotton”). If a customer or consumer requests for data deletion this needs to be fulfilled in a reasonable amount of time across all systems.

Until now it was not possible to delete data once it was written to either Log Analytics or Application Insights and one needed to wait until the retention period was reached for data to be groomed/purged. With the emergence of GDPR, Microsoft has intruduced two API paths for both Log Analytics and Application Insights to explicitly create purge requests which will be fulfilled within 30 days. Detailed information on the data management can be found in our documentation for Log Analytics and Application Insights.

Permissions & Provider registration
#

In order to submit purge requests a special RBAC role needs to be assigned: Data Purger. This role is not assigned by default and not even the resource owner has this right.

In some scenarios you might get an error indicating that for your subscription the resource provider needs to be registered. If that is the case run the following (I used Azure Cloud Shell):

az provider register -n Microsoft.LogAnalytics

Issue purge request
#

To issue the purge you need the subscription, resource group and the name of the Log Analytics workspace or Application Insights app. We provide documentation for the purge API path for Log Analytics and Application Insights.

All purges require at least a single filter. A filter is nothing more than a Log Analytics query. Take a look at the following sample:

AzureDiagnostics
| where SourceSystem == "Azure"

corresponds to the following JSON payload for the purge request:

{
    "filters": [{
        "column": "SourceSystem",
        "operator": "==",
        "value": "Azure"
    }],
    "table": "AzureDiagnostics"
}

If the request was sucessfully accepted you’ll see something like the wollowing:

{
    "operationId": "purge-7d7cf277-9113-4ab3-8359-d0364b74d01d"
}

Microsoft provides an SLA of 30 days until the data is purged from the backend systems. To track the status of the purge request you can use this id. As part of the response you’ll see a field x-ms-status-location . Submitting a GET request with a valid Bearer token will provide you with the status of the deletion request:

purge-response

Related

Azure Monitor Container Health Public Preview

Azure Monitor Container Health Public Preview

·224 words·2 mins
Photo by frank mckenna on Unsplash Monitoring the container infrastructure which is running your applications is important. With the emergence of managed Kubernetes such as Aure Container Service (AKS) this becomes more tricky as part of the infrastructure is managed by somebody else.

Using Update Management in Isolated Environments

·475 words·3 mins
Almost all Azure management services run in/for any cloud. Among them is Update Management which automates OS patching for both Linux and Windows machines whether they are running on-premises, in Azure or in other clouds.

Azure Policy: Mapping Audit Log Events to Policy Objects

·181 words·1 min
Azure Policy is a great tool to define governance controls in Azure. With addition of the compliance pieces this feature which was part of Azure for quite some time finally had it’s appearance on main stage (deep dive on implementing governance at scale in this video from Ignite 2017 by Joseph Chan and Liz Kim)