AzPolicyAdvertizer

last sync: 2025-Jul-15 17:24:34 UTC

[Deprecated]: Resource logs in Virtual Machine Scale Sets should be enabled

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

[Deprecated]: Resource logs in Virtual Machine Scale Sets should be enabled

7c1b1214-f927-48bf-8882-84f0af6588b1

Version

2.2.0-deprecated
Details on versioning

Versioning

Versions supported for Versioning: 2
2.2.0 (2.2.0-deprecated)
2.1.0 (2.1.0-deprecated)
Built-in Versioning [Preview]

Category

Compute
Microsoft Learn

Description

This policy definition is no longer the recommended way to achieve its intent. Instead of continuing to use this policy, we recommend you assign this replacement policy with policy ID a3a6ea0c-e018-4933-9ef0-5aaa1501449b. Learn more about policy definition deprecation at aka.ms/policydefdeprecation

Cloud environments

AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown

Available in AzUSGov

The Policy is available in AzureUSGovernment cloud. Version: '2.*.*'

Mode

Indexed

Type

BuiltIn

Preview

False

Deprecated

True

Reference

Reference to 1 related Policy definition (taken from description)
[Deprecated]: Log Analytics agent should be installed on your virtual machine scale sets for Azure Security Center monitoring (a3a6ea0c-e018-4933-9ef0-5aaa1501449b)

Effect

Default
Disabled
Allowed
AuditIfNotExists, Disabled

RBAC role(s)

none

Rule aliases

IF (3)

Alias	Namespace	ResourceType	Path	PathIsDefault	Modifiable
Microsoft.Compute/imageOffer	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.offer properties.virtualMachineProfile.storageProfile.imageReference.offer properties.creationData.imageReference.id	True True True	False False False
Microsoft.Compute/imagePublisher	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.publisher properties.virtualMachineProfile.storageProfile.imageReference.publisher properties.creationData.imageReference.id	True True True	False False False
Microsoft.Compute/imageSKU	Microsoft.Compute Microsoft.Compute Microsoft.Compute	virtualMachines virtualMachineScaleSets disks	properties.storageProfile.imageReference.sku properties.virtualMachineProfile.storageProfile.imageReference.sku properties.creationData.imageReference.id	True True True	False False False

THEN-ExistenceCondition (2)

Alias	Namespace	ResourceType	Path	PathIsDefault	DefaultPath	Modifiable
Microsoft.Compute/virtualMachineScaleSets/extensions/publisher	Microsoft.Compute	virtualMachineScaleSets/extensions	properties.publisher	True		False
Microsoft.Compute/virtualMachineScaleSets/extensions/type	Microsoft.Compute	virtualMachineScaleSets/extensions	properties.type	True		False

Rule resource types

IF (1)

Microsoft.Compute/virtualMachineScaleSets

Compliance

The following 2 compliance controls are associated with this Policy definition '[Deprecated]: Resource logs in Virtual Machine Scale Sets should be enabled' (7c1b1214-f927-48bf-8882-84f0af6588b1)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
Azure_Security_Benchmark_v1.0	2.3	Azure_Security_Benchmark_v1.0_2.3	Azure Security Benchmark 2.3	Logging and Monitoring	Enable audit logging for Azure resources	Customer	Enable Diagnostic Settings on Azure resources for access to audit, security, and diagnostic logs. Activity logs, which are automatically available, include event source, date, user, timestamp, source addresses, destination addresses, and other useful elements. How to collect platform logs and metrics with Azure Monitor: https://docs.microsoft.com/azure/azure-monitor/platform/diagnostic-settings Understand logging and different log types in Azure: https://docs.microsoft.com/azure/azure-monitor/platform/platform-logs-overview	n/a	link	15
Azure_Security_Benchmark_v2.0	LT-4	Azure_Security_Benchmark_v2.0_LT-4	Azure Security Benchmark LT-4	Logging and Threat Detection	Enable logging for Azure resources	Shared	Enable logging for Azure resources to meet the requirements for compliance, threat detection, hunting, and incident investigation. You can use Azure Security Center and Azure Policy to enable resource logs and log data collecting on Azure resources for access to audit, security, and resource logs. Activity logs, which are automatically available, include event source, date, user, timestamp, source addresses, destination addresses, and other useful elements. Understand logging and different log types in Azure: https://docs.microsoft.com/azure/azure-monitor/platform/platform-logs-overview Understand Azure Security Center data collection: https://docs.microsoft.com/azure/security-center/security-center-enable-data-collection Enable and configure antimalware monitoring: https://docs.microsoft.com/azure/security/fundamentals/antimalware#enable-and-configure-antimalware-monitoring-using-powershell-cmdlets	n/a	link	13

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type	polSet in AzUSGov
[Deprecated]: Azure Security Benchmark v1	42a694ed-f65e-42b2-aa9e-8052e9740a92	Regulatory Compliance	Deprecated	BuiltIn	true
[Deprecated]: Azure Security Benchmark v2	bb522ac1-bc39-4957-b194-429bcd3bcb0b	Regulatory Compliance	Deprecated	BuiltIn	true

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2024-07-09 18:20:14	change	Minor, suffix remains equal (2.1.0-deprecated > 2.2.0-deprecated)
2023-02-16 18:41:08	change	Version remains equal, new suffix: deprecated (2.1.0 > 2.1.0-deprecated)
2021-12-06 22:17:57	change	Minor (2.0.1 > 2.1.0)
2021-02-10 14:43:58	change	Patch (2.0.0 > 2.0.1)

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC