az monitor diagnostic-settings list --resource <resource-id> --output tableDiagnostic settings for storage
Diagnostic settings for storage route Azure Storage platform logs and metrics, including service-specific operations where supported, to destinations such as Log Analytics, Event Hubs, or Storage for investigation and compliance.
Source: Microsoft Learn - Diagnostic settings in Azure Monitor Reviewed 2026-05-13
- Exam trap
- Changing production before checking the exact Azure scope, owner, identity, destination, and rollback or recovery procedure.
- Production check
- Can you name the Azure scope, owner, resource ID, dependency, and rollback or recovery path without guessing?
Article details and learning context
- Aliases
- storage diagnostic settings, Azure Storage diagnostic settings, Storage account diagnostic settings, storage platform log routing
- Difficulty
- intermediate
- CLI mappings
- 4
- Last verified
- 2026-05-13
Understand the concept
In plain English
Diagnostic settings for storage is diagnostic settings that export Azure Storage account and service logs or metrics to approved monitoring destinations. In Azure, it helps teams capture storage read, write, delete, availability, latency, and operational evidence for security, troubleshooting, compliance, and cost-aware monitoring. Plainly, it is a named part of the architecture that operators can point to when they need evidence, ownership, and a safe change path. A useful glossary entry should explain where it appears, what it controls, what depends on it, and which signal proves it is healthy.
Why it matters
Diagnostic settings for storage matters because a small Azure setting can shape customer experience, security posture, operational visibility, and incident recovery. When it is shallowly documented, teams may troubleshoot the wrong service, queue, device, policy, deployment, workspace, or destination while the real dependency remains hidden. In enterprise Azure work, the value is shared language: application, platform, security, data, finance, and operations teams can discuss the same object without guessing. That reduces incident time, improves audit quality, clarifies ownership, and makes production changes safer because failure modes and graph relationships are visible before change. Treat Diagnostic settings for storage as production owned when customer traffic, regulated data, device fleets, shared infrastructure, or release automation depends on it.
Technical context
Technically, Diagnostic settings for storage appears in Storage account diagnostic settings, blob service, file service, queue service, table service resource IDs, metric categories, log categories, Log Analytics, Event Hubs, and Storage destinations and interacts with Storage Account, Blob Storage, Queue Storage, and Azure Monitor. Configuration is reviewed through storage service resource ID, log category, metric category, and workspace destination, while operators validate live state through storage diagnostic setting, selected service logs, transaction metrics, and ingestion volume. Scope determines which permissions, logs, commands, and dependencies matter.
Exam context
Compare with
Where it is used
Where you see it
- In storage accounts, diagnostic settings for storage appear when teams route blob, file, queue, or table logs and metrics to monitoring destinations during production review.
- In security investigations, they appear when analysts need evidence for storage reads, writes, deletes, firewall behavior, or unusual access patterns during production review when operators collect repeatable evidence.
- In cost review, they appear when high-volume storage operation logs increase Log Analytics ingestion or Event Hubs throughput charges during production review when operators collect repeatable evidence.
Common situations
- Export storage operation logs for investigation.
- Monitor storage latency and availability with platform metrics.
- Control ingestion cost by selecting only required categories and destinations.
Illustrative Azure scenarios
These examples show how the concept can affect design and operations. They are illustrative scenarios, not customer claims.
Scenario 01 Diagnostic settings for storage in action for legal document storage Scenario, objectives, solution, measured impact, and takeaway.
BlueOak Archives, a legal document storage organization, needed to address investigators lacked consistent evidence for blob reads and deletes across storage accounts. The architecture team used Diagnostic settings for storage as the control point for a measurable production improvement.
- Route storage logs to a central workspace
- Retain delete evidence for regulated cases
- Reduce manual storage account checks by 50 percent
Architects configured diagnostic settings for storage across production blob services. Selected read, write, and delete categories were sent to Log Analytics, while long-term retention used approved storage. KQL workbooks summarized unusual access and policy tracked accounts missing settings. The team validated Diagnostic settings for storage in a lower environment, captured before-and-after evidence, and promoted the change through a controlled release with rollback ownership. Runbooks were updated so support engineers could identify the correct scope, identity, dependency, telemetry signal, and approval record without asking the original implementer. The final design connected governance with day-to-day engineering work, which made the change understandable to security, operations, finance, and application stakeholders. The team validated Diagnostic settings for storage in a lower environment, captured before-and-after evidence, and promoted the change through a controlled release with rollback ownership.
- Manual checks dropped 63 percent
- Delete investigations had resource-level evidence
- Workspace access followed legal review groups
Storage diagnostic settings make sensitive data operations visible enough for investigation and audit.
Scenario 02 Diagnostic settings for storage in action for last-mile logistics Scenario, objectives, solution, measured impact, and takeaway.
FreshFleet Delivery, a last-mile logistics organization, needed to address queue and blob latency spikes delayed dispatch updates but application logs did not show the storage layer. The architecture team used Diagnostic settings for storage as the control point for a measurable production improvement.
- Expose storage latency and availability metrics
- Correlate storage issues with dispatch delays
- Avoid overcollecting noisy diagnostics
The operations team enabled diagnostic settings for storage metrics and selected service logs on dispatch storage accounts. Azure Monitor alerts used availability and latency metrics, while Log Analytics queries correlated queue operations with delayed dispatch events. Categories were reviewed after two weeks to remove low-value noise. The team validated Diagnostic settings for storage in a lower environment, captured before-and-after evidence, and promoted the change through a controlled release with rollback ownership. Runbooks were updated so support engineers could identify the correct scope, identity, dependency, telemetry signal, and approval record without asking the original implementer. The final design connected governance with day-to-day engineering work, which made the change understandable to security, operations, finance, and application stakeholders. The team validated Diagnostic settings for storage in a lower environment, captured before-and-after evidence, and promoted the change through a controlled release with rollback ownership.
- Storage-caused dispatch delays were identified in minutes
- Log ingestion volume stayed within budget
- Mean time to innocence for the app team fell 55 percent
Diagnostic settings for storage help teams prove whether the storage service is causing application symptoms.
Scenario 03 Diagnostic settings for storage in action for higher education IT Scenario, objectives, solution, measured impact, and takeaway.
MetroEdu Cloud, a higher education IT organization, needed to address new storage accounts were created without diagnostic routing and later failed compliance checks. The architecture team used Diagnostic settings for storage as the control point for a measurable production improvement.
- Apply diagnostics consistently to storage resources
- Reduce compliance drift across departments
- Send only required categories to central monitoring
Governance engineers combined storage diagnostic settings with a policy initiative. New storage accounts were evaluated for required diagnostic routing, remediation created missing settings where supported, and departmental owners received cost reports for ingestion volume. Exceptions required a ticket and expiration date. The team validated Diagnostic settings for storage in a lower environment, captured before-and-after evidence, and promoted the change through a controlled release with rollback ownership. Runbooks were updated so support engineers could identify the correct scope, identity, dependency, telemetry signal, and approval record without asking the original implementer. The final design connected governance with day-to-day engineering work, which made the change understandable to security, operations, finance, and application stakeholders. The team validated Diagnostic settings for storage in a lower environment, captured before-and-after evidence, and promoted the change through a controlled release with rollback ownership.
- Compliance drift fell below 5 percent
- Remediation created settings within the same business day
- Departments reduced unnecessary log categories by 22 percent
Storage diagnostics work best when policy, cost reporting, and category selection are managed together.
Azure CLI
CLI checks for Diagnostic settings for storage are useful because they turn portal assumptions into repeatable evidence. Start with read-only commands that show scope, state, owner, permissions, destinations, deployment settings, or device records. Run mutating, security-impacting, or cost-impacting commands only after approval, because the wrong scope can affect production availability, spend, access, or telemetry.
Useful for
- Export storage operation logs for investigation.
- Monitor storage latency and availability with platform metrics.
- Control ingestion cost by selecting only required categories and destinations.
Before you run a command
- Run az account show, confirm tenant and subscription, and verify the operator identity has approved read access for the exact Azure scope.
- Confirm resource group, service name, resource ID, environment, owner, and change record before collecting evidence or modifying production configuration.
- Prefer read-only commands first; review any command that creates deployments, changes policy, alters device access, or routes telemetry before running it.
What the output tells you
- Whether the resource, setting, device, deployment, policy, queue, or API Management object exists at the expected Azure scope.
- Which state, target, timestamp, SKU, identity, destination, count, property, or compliance result is visible to the operator.
- Whether the issue is wrong scope, stale configuration, missing permissions, broken telemetry routing, policy drift, device provisioning failure, or release mismatch.
Mapped commands
Diagnostic settings for storage operational checks
directaz monitor diagnostic-settings show --name <setting-name> --resource <resource-id>az monitor diagnostic-settings create --name <setting-name> --resource <resource-id> --workspace <workspace-id> --logs @logs.json --metrics @metrics.jsonaz monitor diagnostic-settings delete --name <setting-name> --resource <resource-id>Architecture context
Diagnostic settings for storage belongs to Monitoring and Observability architecture decisions where identity, monitoring, cost ownership, reliability, and production support need shared evidence.
- Security
- Security for Diagnostic settings for storage starts with least privilege, trusted configuration, and evidence that access matches workload risk. Review data access log visibility, workspace RBAC, sensitive URI exposure, private endpoint telemetry, and retention governance before approving production use. A common failure is assuming that a working feature, successful deployment, connected device, or populated log destination proves the configuration is safe. Use Microsoft Entra groups, managed identities, RBAC, private connectivity, diagnostic logging, source-controlled definitions, and approval records where applicable. Keep exceptions ticketed, time-bounded, and owned. For regulated workloads, align the term with classification, retention, break-glass, and incident-response procedures. Remove broad access, stale keys, unreviewed contributors, and undocumented exception paths before Diagnostic settings for storage becomes an incident path.
- Cost
- Cost for Diagnostic settings for storage appears through compute capacity, transaction volume, diagnostic retention, policy remediation, storage consumption, API exposure, message retries, device fleet operations, and the human effort required to recover from mistakes. Review high-volume storage logs, Log Analytics ingestion, retention storage, event hub throughput, and query volume before expanding production use. Some costs are direct, such as retained logs, provisioned capacity, storage transactions, or queue processing; others are indirect, such as failed releases, duplicated troubleshooting, emergency restores, and support escalation. Tag related resources, monitor usage, and separate exploratory work from production. A cost review should connect spend to a real owner and measurable value.
- Reliability
- Reliability for Diagnostic settings for storage depends on repeatable configuration, tested dependencies, and clear failure signals. Watch availability metrics, latency signals, missing service logs, destination outage, and policy coverage because drift often appears later as failed releases, missing telemetry, stuck messages, failed device provisioning, unavailable APIs, or confusing support evidence. Use lower environments, source-controlled definitions where possible, deployment validation, monitoring, and recovery notes before changing production. Operators should know which resource, endpoint, queue, policy, workspace, device, or downstream application fails first and which metric or log proves the failure. The goal is predictable recovery: detect Diagnostic settings for storage drift, preserve service, restore safely, and explain the incident without guessing.
- Performance
- Performance for Diagnostic settings for storage depends on workload shape, service limits, data volume, network path, diagnostic destination, policy evaluation, device scale, queue behavior, deployment capacity, and the monitoring path used to confirm success. Review storage latency metrics, transaction volume, log ingestion latency, workspace query speed, and event hub backpressure before increasing capacity or retrying blindly. The better fix might be correcting partitioning, reducing log noise, warming an endpoint, tuning queue visibility, selecting a different deployment type, or moving telemetry to a better destination. Measure under representative production conditions. Operators should connect symptoms to evidence: latency, throttling, backlog, failed operations, dropped logs, or stale state.
- Operations
- Operations for Diagnostic settings for storage should focus on ownership, observability, and safe repeatability. Standardize names, tags, owner groups, environment labels, diagnostic destinations, runbook links, approval records, and change windows so support teams do not reverse-engineer the platform during incidents. Use read-only CLI, API, policy, diagnostic, or portal checks first, then compare live state with intended configuration. For production, connect alerts, audit events, cost records, graph links, and release notes to the same term. The support question should be simple: who owns it, what changed, and what proves the current state?. Capture owner, scope, evidence, and recovery procedure before changing Diagnostic settings for storage in a production environment.
Common mistakes
- Changing production before checking the exact Azure scope, owner, identity, destination, and rollback or recovery procedure.
- Treating a portal screenshot as sufficient evidence when CLI output, activity logs, diagnostics, and source-controlled configuration are repeatable.
- Assuming a name match proves the correct resource when subscriptions, regions, products, device IDs, queues, and workspaces can look similar.