Monitoring and Logging
Azure Platform Logs include: Resource Logs (previously diagnostic logs), Activity log, and Azure AD (sign-in logs),
https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/platform-logs-overview
Resource Logs
capture activity to the data access plane while the
Activity log
is a subscription-level log for the control plane
Diagnostic Logs for the Subscription are control/management plane logs whereas Diagnostic Logs at the resource level are data plane logs.
Control Plane logs
are logs for things happening at a meta level for resources.
Data Plane logs
are logs for things happening within a resource.
Azure Data Explorer
Azure Monitor
Application Insights
Recommended Logs for Security
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-nsg-manage-log