last sync: 2020-Nov-30 15:25:09 UTC

Azure Policy definition

Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with custom workspace.

Name Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with custom workspace.
Azure Portal
Id 8e7da0a5-0a0e-4bbc-bfc0-7773c018b616
Version 1.0.0
details on versioning
Category Security Center
Microsoft docs
Description Allow Security Center to auto provision the Log Analytics agent on your subscriptions to monitor and collect security data using a custom workspace.
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)
Used RBAC Role
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-05-13 05:56:52 add 8e7da0a5-0a0e-4bbc-bfc0-7773c018b616
Used in Initiatives none
Json
{
  "properties": {
    "displayName": "Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with custom workspace.",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Allow Security Center to auto provision the Log Analytics agent on your subscriptions to monitor and collect security data using a custom workspace.",
    "metadata": {
      "version": "1.0.0",
      "category": "Security Center"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "DeployIfNotExists",
          "Disabled"
        ],
        "defaultValue": "DeployIfNotExists"
      },
      "logAnalytics": {
        "type": "String",
        "metadata": {
          "displayName": "Log Analytics workspace",
          "description": "Auto provision the Log Analytics agent on your subscriptions to monitor and collect security data using a custom workspace.",
          "strongType": "omsWorkspace"
        }
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Resources/subscriptions"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Security/autoProvisioningSettings",
          "deploymentScope": "Subscription",
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "existenceCondition": {
            "field": "Microsoft.Security/autoProvisioningSettings/autoProvision",
            "equals": "On"
          },
          "deployment": {
            "location": "westus",
            "properties": {
              "mode": "incremental",
              "parameters": {
                "logAnalytics": {
                "value": "[parameters('logAnalytics')]"
                }
              },
              "template": {
                "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "logAnalytics": {
                    "type": "string"
                  }
                },
                "variables": {
                  
                },
                "resources": [
                  {
                    "type": "Microsoft.Security/autoProvisioningSettings",
                    "name": "default",
                    "apiVersion": "2017-08-01-preview",
                    "properties": {
                      "autoProvision": "On"
                    }
                  },
                  {
                    "type": "Microsoft.Security/workspaceSettings",
                    "apiVersion": "2017-08-01-preview",
                    "name": "default",
                    "properties": {
                    "workspaceId": "[parameters('logAnalytics')]",
                    "scope": "[subscription().id]"
                    }
                  }
                ]
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/8e7da0a5-0a0e-4bbc-bfc0-7773c018b616",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "8e7da0a5-0a0e-4bbc-bfc0-7773c018b616"
}