last sync: 2025-Jul-03 17:22:55 UTC

Diagnostic logs in Azure AI services resources should be enabled

Azure BuiltIn Policy definition

Source Azure Portal
Display name Diagnostic logs in Azure AI services resources should be enabled
Id 1b4d1c4e-934c-4703-944c-27c82c06bebb
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category Azure Ai Services
Microsoft Learn
Description Enable logs for Azure AI services resources. This enables you to recreate activity trails for investigation purposes, when a security incident occurs or your network is compromised
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'
Assessment(s) Assessments count: 1
Assessment Id: dea5192e-1bb3-101b-b70c-4646546f5e1e
DisplayName: Diagnostic logs in Azure AI services resources should be enabled
Description: Enable logs for Azure AI services resources. This enables you to recreate activity trails for investigation purposes, when a security incident occurs or your network is compromised.
Remediation description: To enable diagnostic logs for Azure AI services resources:
  1. In the Azure portal, open Azure AI Services.
  2. Select the relevant resource.
  3. From the left-side bar, under "Monitoring", select "Diagnostic settings".
  4. Click "+ Add diagnostic setting".
  5. Choose the relevant categories you would like to log.
  6. Select one of the destination options to store the diagnostics logs and insert relevant details.
  7. Enter a Diagnostic setting name.
  8. Click "Save".
  9. Make sure your diagnostic setting has a Diagnostic Settings Retention Rule for 1 year, or create one (see note below)
Learn more at:https://aka.ms/AI-Search/IPFirewall

Note:
It is recommended to set retention of 1 year for the logs.
If you select the storage account option, make sure to set the retention to 1 year via the storage account lifecycle management.
Learn more at:https://aka.ms/storage/lifecycle-management
If you select the log analytics option, make sure you set the retention to 1 year via the usage and estimated costs.
Learn more at:https://aka.ms/log-analytics/data-retention
Categories: Compute
Severity: Low
User impact: Low
Implementation effort: Low
Threats: DataExfiltration, ThreatResistance
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Insights/diagnosticSettings/logs[*] microsoft.insights diagnosticSettings properties.logs[*] True False
Rule resource types IF (2)
Compliance
The following 15 compliance controls are associated with this Policy definition 'Diagnostic logs in Azure AI services resources should be enabled' (1b4d1c4e-934c-4703-944c-27c82c06bebb)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Logging and Threat Detection Enable logging for security investigation Shared **Security Principle:** Enable logging for your cloud resources to meet the requirements for security incident investigations and security response and compliance purposes. **Azure Guidance:** Enable logging capability for resources at the different tiers, such as logs for Azure resources, operating systems and applications inside in your VMs and other log types. Be mindful about different type of logs for security, audit, and other operation logs at the management/control plane and data plane tiers. There are three types of the logs available at the Azure platform: - Azure resource log: Logging of operations that are performed within an Azure resource (the data plane). For example, getting a secret from a key vault or making a request to a database. The content of resource logs varies by the Azure service and resource type. - Azure activity log: Logging of operations on each Azure resource at the subscription layer, from the outside (the management plane). You can use the Activity Log to determine the what, who, and when for any write operations (PUT, POST, DELETE) taken on the resources in your subscription. There is a single Activity log for each Azure subscription. - Microsoft Entra logs: Logs of the history of sign-in activity and audit trail of changes made in the Microsoft Entra ID for a particular tenant. You can also use Microsoft Defender for Cloud and Azure Policy to enable resource logs and log data collecting on Azure resources. **Implementation and additional context:** Understand logging and different log types in Azure: https://docs.microsoft.com/azure/azure-monitor/platform/platform-logs-overview Understand Microsoft Defender for Cloud data collection: https://docs.microsoft.com/azure/security-center/security-center-enable-data-collection Enable and configure antimalware monitoring: https://docs.microsoft.com/azure/security/fundamentals/antimalware#enable-and-configure-antimalware-monitoring-using-powershell-cmdlets Operating systems and application logs inside in your compute resources: https://docs.microsoft.com/azure/azure-monitor/agents/data-sources#operating-system-guest n/a link 16
EU_AI_Act_2024_1689 12.1 EU_AI_Act_2024_1689_12.1 EU AI Act 2024 1689 12.1 12 Enable Automated Event Logging for High-Risk AI Systems Shared n/a Allow for the automatic recording of events (logs) over the operational lifetime of a high-risk AI system for accountability and traceability of actions taken by the system. 1
EU_AI_Act_2024_1689 12.2 EU_AI_Act_2024_1689_12.2 EU AI Act 2024 1689 12.2 12 Enable Logging Capabilities for High-Risk AI Systems to Support Traceability Shared n/a Enable logging capabilities in high-risk AI systems to record events relevant for identifying risks, supporting post-market monitoring, and tracking system operations to ensure traceability aligned with the system’s purpose. 1
EU_AI_Act_2024_1689 15.5 EU_AI_Act_2024_1689_15.5 EU AI Act 2024 1689 15.5 15 Implement Cybersecurity Measures for High-Risk AI Systems Shared n/a Confirm high-risk AI systems are resilient against unauthorized attempts to alter their use or performance. Implement appropriate technical solutions to address vulnerabilities, including measures to prevent, detect, and respond to data poisoning, model poisoning, and adversarial attacks. 6
EU_AI_Act_2024_1689 55.1d EU_AI_Act_2024_1689_55.1d EU AI Act 2024 1689 55.1d 55 Ensure Cybersecurity for General-Purpose AI Models with Systemic Risk Shared n/a Ensure, as required for AI providers of general-purpose AI models with systemic risk, an adequate level of cybersecurity for both the model and its supporting physical infrastructure. 6
K_ISMS_P_2018 2.10.1 K_ISMS_P_2018_2.10.1 K ISMS P 2018 2.10.1 2.10 Establish Procedures for Managing the Security of System Operations Shared n/a Establish and implement operating procedures for managing the security of system operations such as designating system administrators, updating policies, changing rulesets, monitoring events, managing policy implementations or exceptions. 455
K_ISMS_P_2018 2.10.2 K_ISMS_P_2018_2.10.2 K ISMS P 2018 2.10.2 2.10 Establish Protective Measures for Administrator Privileges and Security Configurations Shared n/a Establish and implement protective measures with regard to administrator privileges and security configurations to ensure that important information and personal information are not exposed as a result of unauthorized access by service type or misconfigurations. 431
K_ISMS_P_2018 2.11.1 K_ISMS_P_2018_2.11.1 K ISMS P 2018 2.11.1 2.11 Establish Procedures for Managing Internal and External Intrusion Attempts Shared n/a Establish procedures for detecting, analyzing, sharing, and effectively responding to internal and external intrusion attempts to prevent personal information leakage. Additionally, implement a framework for collaboration with relevant external agencies and experts. 82
K_ISMS_P_2018 2.11.5 K_ISMS_P_2018_2.11.5 K ISMS P 2018 2.11.5 2.11 Establish Procedures to Respond and Recover from Incidents Shared n/a Establish procedures to respond and recover from incidents in a timely manner, including legal obligations for disclosing information. Additional procedures must be established and implemented to prevent recurrence. 82
NIS2 LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 NIS2_LT._Logging_and_Threat_Detection_1 LT. Logging and Threat Detection Risk analysis & information system security policies n/a Responsibility for ensuring the security of network and information system lies, to a great extent, with essential and important entities. A culture of risk management, involving risk assessments and the implementation of cybersecurity risk-management measures appropriate to the risks faced, should be promoted and developed. In order to avoid imposing a disproportionate financial and administrative burden on essential and important entities, the cybersecurity risk-management measures should be proportionate to the risks posed to the network and information system concerned, taking into account the state-of-the-art of such measures, and, where applicable, relevant European and international standards, as well as the cost for their implementation. 24
NIST_AI_RMF_v1.0 3.2.4 NIST_AI_RMF_v1.0_3.2.4 NIST AI RMF v1.0 3.2.4 3.2 Monitor AI System Functionality and Behavior in Production Shared n/a Monitor the functionality and behavior of the AI system and its components when in production. 1
NIST_AI_RMF_v1.0 4.2.3 NIST_AI_RMF_v1.0_4.2.3 NIST AI RMF v1.0 4.2.3 4.2 Establish Procedures for Responding to Unknown Risks Shared n/a Establish procedures to respond to and recover from a previously unknown risk when it is identified. 1
NIST_AI_RMF_v1.0 4.3.2 NIST_AI_RMF_v1.0_4.3.2 NIST AI RMF v1.0 4.3.2 4.3 Monitor Pre-Trained Models in AI System Maintenance Shared n/a Monitor pre-trained models used for development as part of the regular monitoring and maintenance of the AI system. 1
NIST_AI_RMF_v1.0 4.4.1 NIST_AI_RMF_v1.0_4.4.1 NIST AI RMF v1.0 4.4.1 4.4 Implement Post-Deployment Monitoring Plans for AI Systems Shared n/a Implement post-deployment AI system monitoring plans, including mechanisms for capturing and evaluating input from users and other relevant AI actors, as well as for appeal and override, decommissioning, incident response, recovery, and change management. 1
U.15.1 - Events Logged U.15.1 - Events Logged 404 not found n/a n/a 51
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Preview]: NIS2 32ff9e30-4725-4ca7-ba3a-904a7721ee87 Regulatory Compliance Preview BuiltIn unknown
Enforce recommended guardrails for Open AI (Cognitive Service) Enforce-Guardrails-OpenAI Cognitive Services GA ALZ
EU AI Act 2024 1689 1308bccf-446a-4283-a4e0-0c983fe7a572 Regulatory Compliance GA BuiltIn unknown
K ISMS P 2018 e0782c37-30da-4a78-9f92-50bfe7aa2553 Regulatory Compliance GA BuiltIn unknown
Microsoft cloud security benchmark 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA BuiltIn true
NIST AI RMF v1.0 f58a876c-ec25-417e-9634-58d2a93e3fe2 Regulatory Compliance GA BuiltIn unknown
NL BIO Cloud Theme V2 d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee Regulatory Compliance GA BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2024-03-11 18:31:50 add 1b4d1c4e-934c-4703-944c-27c82c06bebb
JSON compare n/a
JSON
api-version=2021-06-01
EPAC