Troubleshoot resource property changes using Change History in Azure Policy | Azure Friday

>>When you’re troubleshooting
a time-sensitive issue, you really want the ability to identify quickly any recent changes. Now with change history, you can find exactly what
changed in your Azure resources. Jenny Hunter is here to
show us how it works, today, on Azure Friday. [MUSIC].>>Hey everyone.
Donovan Brown here with another episode of Azure Friday. I’m here with Jenny, and she’s
going to show us how to use change history to troubleshoot
issues in Azure. So change history. How do I use this and what
does it really good for?>>Basically, when
it comes down to you and things are breaking
in your environment, the first question
is, what’s changed?>>Yeah.>>Today unfortunately, it can be
a really frustrating experience. So let me go ahead. Can I give you a showcase of that?>>Okay.>>So here’s my machine, let’s call it Marketing1. It’s responsible for
one of my websites contoso.com and it is simply
dropping resources today. As a result, I’m dropping customers, people are getting error pages. So I want to figure
out why this machine isn’t giving me the service
it’s supposed to be doing. So I click onto “Activity
log” and go through. I know that I first started
getting reports this morning. So I’m going to look at just the
last 24 hours in activity logs. What I get here is I have a lot
of information thrown in my face. I have a lot of auditing
going on in my environment. So if I’m lucky enough, I spot this Create or
update virtual machine. So I go to drill down more in that, and I get this which tells me, it was either created or updated. So this gives you
a time frame to work with, but I don’t know much else. So if I’m lucky, I have a user that I
can go and try and contact them and figure
out why this has happened, but in general, I don’t
know the results for that. I don’t know if anything even
changed or they could have just made a put call with the API that had the exact same payload
and therefore, the resource didn’t actually
change at that time.>>Got you.>>So I can be overloaded with all the different information
coming to me from these audit logs. But now, if I go and take the next
step to go into Azure Policy. From here, I can see
I actually became non-compliant with
three different policies. So I’m going to scroll
down into one of them and deep dive into why this machine
might have become non-compliant. From the non-compliant resource page, I see that this machine
is indeed listed. The cool thing is now, from the resource complaints
page here and policy, you get this Change history tab.>>Okay.>>By clicking on that, I’m able
to see all the times there was actual content change
to the resource. So this is times that I know for certain that a property
on that resource changed.>>Right. So this is different
from the scenario you described earlier where there
was just a put to the API, but didn’t really change anything, that’ll still show
up in the audit log, but it will not show up here
unless something actually changed.>>Correct.
>>Okay.>>So this helps you really
filter down a lot of the noise.>>Got it.>>That happens in your environment.>>Perfect.>>So like I said, I know that this problem occurring this morning and I see that
right early this morning, there’s actually a change
that was detected. So by clicking into this, I’m able to see quickly, before, and after, of a change that
happened in my environment, where the VM sizes actually modified, which could affect
what resources are available, but also key component of
that is that the machine gets restarted whenever
someone changes the size, which could affect a lot
of high availability and any applications
running on the machine.>>Absolutely.>>So this capability provides a lot of flexibility
and helping you to understand what’s going on your environment and
troubleshoot when you get different tickets or issues coming out to actually understand what
changed in your environment, so you can take those next steps
to do root cause analysis.>>Yeah. Or very simply,
just change it back.>>Definitely. So
the next step on top of this, we just came out into public preview. We’re actually now out in
public preview with our API, so you can get
more freedom and control. You don’t have to have policies on your resources in order
to access this data.>>Got you.>>Even better, you actually require no configuration and no cost to see what’s happening
on your resources.>>Great. Having this
available through a rest API, now allows me to incorporate
this data and these policies and just change information
into other parts of my process, potentially CICD pipeline,
I can then go and create some of this data to see if the changes have been made
the way I want them to be.>>Exactly.>>Perfect. So we’re
learning all about the new improvements of change
history here on Azure Friday. [MUSIC]

Bernard Jenkins

One Comment

  1. Thank you for sharing this information with us, very helpful.

Leave a Reply

Your email address will not be published. Required fields are marked *