---
title: Azure subscriptions should have a diagnostic setting for activity logs
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Azure subscriptions should have a
  diagnostic setting for activity logs
---

# Azure subscriptions should have a diagnostic setting for activity logs
 
## Description{% #description %}

Ensure that a subscription-scoped diagnostic setting exists for exporting activity logs. Diagnostic settings control how activity logs are exported and retained beyond the default 90-day period, enabling long-term security analysis of subscription-level control-plane events.

## Remediation{% #remediation %}

Create a diagnostic setting at the subscription level that forwards activity logs to a destination such as a Log Analytics workspace, storage account, or event hub. Select the appropriate log categories for your environment. See [Diagnostic settings in Azure Monitor](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings).