last sync: 2021-Sep-24 16:09:49 UTC

Azure Policy definition

Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'

Name Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'
Azure Portal
Id 1a4e592a-6a6e-44a5-9814-e36264ca96e7
Version 1.0.0
details on versioning
Category Monitoring
Microsoft docs
Description This policy ensures that a log profile collects logs for categories 'write,' 'delete,' and 'action'
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Used RBAC Role none
History none
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Deprecated]: Azure Security Benchmark v1 42a694ed-f65e-42b2-aa9e-8052e9740a92 Regulatory Compliance Deprecated
[Preview]: CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance Preview
CIS Microsoft Azure Foundations Benchmark v1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d Regulatory Compliance GA
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA
JSON
{
  "displayName": "Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'",
  "policyType": "BuiltIn",
  "mode": "All",
  "description": "This policy ensures that a log profile collects logs for categories 'write,' 'delete,' and 'action'",
  "metadata": {
    "version": "1.0.0",
    "category": "Monitoring"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    }
  },
  "policyRule": {
    "if": {
      "field": "type",
      "equals": "Microsoft.Resources/subscriptions"
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.Insights/logprofiles",
        "existenceCondition": {
          "allOf": [
            {
              "not": {
                "field": "Microsoft.Insights/logProfiles/categories[*]",
                "notEquals": "Write"
              }
            },
            {
              "not": {
                "field": "Microsoft.Insights/logProfiles/categories[*]",
                "notEquals": "Delete"
              }
            },
            {
              "not": {
                "field": "Microsoft.Insights/logProfiles/categories[*]",
                "notEquals": "Action"
              }
            }
          ]
        }
      }
    }
  }
}