AzPolicyAdvertizer

last sync: 2021-Nov-26 17:15:01 UTC

Azure Policy definition

Azure subscriptions should have a log profile for Activity Log

Name Azure subscriptions should have a log profile for Activity Log
Azure Portal
Id 7796937f-307b-4598-941c-67d3a05ebfe7
Version 1.0.0
details on versioning
Category Monitoring
Microsoft docs
Description This policy ensures if a log profile is enabled for exporting activity logs. It audits if there is no log profile created to export the logs either to a storage account or to an event hub.
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Used RBAC Role none
History none
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
CIS Microsoft Azure Foundations Benchmark v1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d Regulatory Compliance GA
CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance GA
JSON 
{
  "displayName": "Azure subscriptions should have a log profile for Activity Log",
  "policyType": "BuiltIn",
  "mode": "All",
  "description": "This policy ensures if a log profile is enabled for exporting activity logs. It audits if there is no log profile created to export the logs either to a storage account or to an event hub.",
  "metadata": {
    "version": "1.0.0",
    "category": "Monitoring"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    }
  },
  "policyRule": {
    "if": {
      "field": "type",
      "equals": "Microsoft.Resources/subscriptions"
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.Insights/logProfiles",
        "existenceCondition": {
          "field": "Microsoft.Insights/logProfiles/categories",
          "exists": "true"
        }
      }
    }
  }
}