Last modified: Jul 16, 2026

Architecture patterns in Audit Log

Patterns for ingesting, storing and retrieving authentication and authorisation events.

Audit Log separates asynchronous ingestion from storing and reading security events.

Queue-based ingestion

Azure Functions read queue events and forward them to the Audit Log API.

Benefits: Loose coupling, traffic buffering and retries.

Drawbacks: Events are eventually consistent, may be duplicated and require dead-letter monitoring.

Code examples

Separate event streams over shared layers

Authentication and authorisation events use parallel models, services, repositories and controllers.

Benefits: Domain differences remain explicit.

Drawbacks: Parallel layers can duplicate code and diverge.

Code examples

Time-based database partitioning

A hosted service creates database partitions through a dedicated repository.

Benefits: Predictable queries and manageable retention.

Drawbacks: Missing partitions can stop writes; cleanup must follow retention requirements.

Code examples