AzPolicyAdvertizer

last sync: 2020-Sep-23 13:42:45 UTC

Azure Policy

Azure Monitor should collect activity logs from all regions

Policy DisplayName Azure Monitor should collect activity logs from all regions

Policy Id 41388f1c-2db0-4c25-95b2-35d7f5ccbfa9

Policy Category Monitoring

Policy Description This policy audits the Azure Monitor log profile which does not export activities from all Azure supported regions including global.

Policy Mode All

Policy Type BuiltIn

Policy in Preview FALSE

Policy Deprecated FALSE

Policy Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists,Disabled)

Roles used none

Policy Changes no changes

Used in Policy Initiative(s)

Initiative DisplayName	Initiative Id
CIS Microsoft Azure Foundations Benchmark 1.1.0	1a5bb27d-173f-493e-9568-eb56638dde4d
[Preview]: Azure Security Benchmark	42a694ed-f65e-42b2-aa9e-8052e9740a92
HITRUST/HIPAA	a169a624-5599-4385-a696-c8d643089fab

Policy Rule

{
  "properties": {
    "displayName": "Azure Monitor should collect activity logs from all regions",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "This policy audits the Azure Monitor log profile which does not export activities from all Azure supported regions including global.",
    "metadata": {
      "version": "1.0.0",
      "category": "Monitoring"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Resources/subscriptions"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Insights/logProfiles",
          "existenceCondition": {
            "allOf": [
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "australiacentral"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "australiacentral2"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "australiaeast"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "australiasoutheast"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "brazilsouth"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "canadacentral"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "canadaeast"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "centralindia"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "centralus"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "eastasia"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "eastus"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "eastus2"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "francecentral"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "francesouth"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "japaneast"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "japanwest"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "koreacentral"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "koreasouth"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "northcentralus"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "northeurope"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "southafricanorth"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "southafricawest"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "southcentralus"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "southindia"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "southeastasia"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "uaecentral"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "uaenorth"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "uksouth"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "ukwest"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "westcentralus"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "westeurope"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "westindia"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "westus"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "westus2"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/logProfiles/locations[*]",
                  "notEquals": "global"
                }
              }
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "41388f1c-2db0-4c25-95b2-35d7f5ccbfa9"
}

Azure Policy

Azure Monitor should collect activity logs from all regions

Popular