AzPolicyAdvertizer

last sync: 2021-Jan-25 16:07:05 UTC

Azure Policy definition

Auto provisioning of the Log Analytics agent should be enabled on your subscription

Name Auto provisioning of the Log Analytics agent should be enabled on your subscription
Azure Portal
Id 475aae12-b88a-4572-8b36-9b712b2b3a17
Version 1.0.1
details on versioning
Category Security Center
Microsoft docs
Description To monitor for security vulnerabilities and threats, Azure Security Center collects data from your Azure virtual machines. Data is collected by the Log Analytics agent, formerly known as the Microsoft Monitoring Agent (MMA), which reads various security-related configurations and event logs from the machine and copies the data to your Log Analytics workspace for analysis. We recommend enabling auto provisioning to automatically deploy the agent to all supported Azure VMs and any new ones that are created.
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-12-11 15:42:52 change Patch (1.0.0 > 1.0.1) *changes on text case sensitivity are not tracked
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Deprecated]: Azure Security Benchmark v1 42a694ed-f65e-42b2-aa9e-8052e9740a92 Regulatory Compliance Deprecated
[Deprecated]: Azure Security Benchmark v2 bb522ac1-bc39-4957-b194-429bcd3bcb0b Regulatory Compliance Deprecated
CIS Microsoft Azure Foundations Benchmark 1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d Regulatory Compliance GA
Enable Monitoring in Azure Security Center 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA
JSON Changes

Json 
{
  "properties": {
    "displayName": "Auto provisioning of the Log Analytics agent should be enabled on your subscription",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "To monitor for security vulnerabilities and threats, Azure Security Center collects data from your Azure virtual machines. Data is collected by the Log Analytics agent, formerly known as the Microsoft Monitoring Agent (MMA), which reads various security-related configurations and event logs from the machine and copies the data to your Log Analytics workspace for analysis. We recommend enabling auto provisioning to automatically deploy the agent to all supported Azure VMs and any new ones that are created.",
    "metadata": {
      "version": "1.0.1",
      "category": "Security Center"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Resources/subscriptions"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Security/autoProvisioningSettings",
          "existenceCondition": {
            "field": "Microsoft.Security/autoProvisioningSettings/autoProvision",
            "equals": "On"
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "475aae12-b88a-4572-8b36-9b712b2b3a17"
}