APIM Masking PII Data in Azure Application Insights

1
votes

We have a PII masking requirement and I happen to come across a post here: https://social.msdn.microsoft.com/Forums/azure/en-US/0b38fd1e-8aa9-45f7-91a7-fd0631ef8bba/dealing-with-pii-or-sensitive-data-captured-by-application-insights?forum=ApplicationInsights

My question is how we do this for API Management (APIM)? As I am not sure how to associate the Custom Telemetry with API Management (as per MICROSOFT APP Insights Team it is not possible to set Custom Cloud Rolename or use Custom Telemetry in APIM).

As right now its all configured thru Azure Portal and no custom telemetry to it, our backend services (API) do use Custom Telemetry but in Azure portal, the PII data is marked as coming from APIM and not the APIs itself. Any help? Can someone help on how we can MASK Such data coming from POST request logged in App Insights from APIM?

1
azure-application-insightsazure-api-management

1 Answers

1
votes

Application Insights cannot control on what telemetry APIM instances would send to Application Insights, this is something need to be controlled from APIM stand point.

Hopefully you have request/response body logging enabled in APIM. Can you please check what are the bytes of body setting setup with in APIM and please make sure its specified as 0 (zero).

enter image description here

Additionally you can also check out the purge functionality which can be leveraged to purge the data which is already residing in Application Insights based on user defined filters.

Hope the above information helps