AzPolicyAdvertizer

last sync: 2025-May-07 18:08:45 UTC

Deploy a Traffic Analytics enabled Flow Log resource with target virtual network

Community Policy definition

Source Repository Community-Policy GitHub
JSON Community-Policy GitHub
Deploy policy 582b01ec-5ed4-408e-ad80-d7667d7b8de2 (1.0.0) to Azure
Display name Deploy a Traffic Analytics enabled Flow Log resource with target virtual network
Id 582b01ec-5ed4-408e-ad80-d7667d7b8de2
Version 1.0.0
Details on versioning
Category Network
Microsoft Learn
Description Configures flow log with enabled Traffic Analytics for specific virtual network. It will allow to log information about IP traffic flowing through an virtual network. Virtual Netowork Flow logs help to identify unknown or undesired traffic, verify network isolation and compliance with enterprise access rules, analyze network flows from compromised IPs and network interfaces.
Mode Indexed
Type Custom Community
Effect Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
RBAC role(s)
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
Rule aliases THEN-Details (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Network/virtualNetworks/flowLogs Microsoft.Network virtualNetworks properties.flowLogs True False
Microsoft.Network/virtualNetworks/flowLogs[*].id Microsoft.Network virtualNetworks properties.flowLogs[*].id True False
THEN-ExistenceCondition (6)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Network/networkWatchers/flowLogs/enabled Microsoft.Network networkWatchers/flowLogs properties.enabled True False
Microsoft.Network/networkWatchers/flowLogs/flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled Microsoft.Network networkWatchers/flowLogs properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled True False
Microsoft.Network/networkWatchers/flowLogs/flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.trafficAnalyticsInterval Microsoft.Network networkWatchers/flowLogs properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.trafficAnalyticsInterval True False
Microsoft.Network/networkWatchers/flowLogs/flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.workspaceId Microsoft.Network networkWatchers/flowLogs properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.workspaceId True False
Microsoft.Network/networkWatchers/flowLogs/retentionPolicy.days Microsoft.Network networkWatchers/flowLogs properties.retentionPolicy.days True True
Microsoft.Network/networkWatchers/flowLogs/storageId Microsoft.Network networkWatchers/flowLogs properties.storageId True False
Rule resource types IF (1)
Microsoft.Network/virtualNetworks
THEN-Deployment (2)
Microsoft.Network/networkWatchers/flowLogs
Microsoft.Resources/deployments
JSON
EPAC
Deploy policy 582b01ec-5ed4-408e-ad80-d7667d7b8de2 (1.0.0) to Azure