...
This diagnostic setting will not appear in the diagnostic settings list in Azure Monitor.
Secure it
| Code Block |
|---|
//A malicious user has stopped a virtual machine in Azure
from cloud.azure.vm.administrative
where operationName = "MICROSOFT.COMPUTE/VIRTUALMACHINES/DEALLOCATE/ACTION" |
...
In this case, the malicious user has gained control of a user account with the Owner role.