last sync: 2020-Jul-02 13:28:37 UTC

Azure Policy

Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with custom workspace.

Policy DisplayName Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with custom workspace.
Policy Id 8e7da0a5-0a0e-4bbc-bfc0-7773c018b616
Policy Category Security Center
Policy Description Allow Security Center to auto provision the Log Analytics agent on your subscriptions to monitor and collect security data using a custom workspace.
Policy Mode All
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Default: DeployIfNotExists
Allowed: (DeployIfNotExists,Disabled)
Roles used
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-05-13 05:56:52 add: Policy 8e7da0a5-0a0e-4bbc-bfc0-7773c018b616
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
    "displayName": "Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with custom workspace.",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Allow Security Center to auto provision the Log Analytics agent on your subscriptions to monitor and collect security data using a custom workspace.",
    "metadata": {
      "version": "1.0.0",
      "category": "Security Center"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "DeployIfNotExists",
          "Disabled"
        ],
        "defaultValue": "DeployIfNotExists"
      },
      "logAnalytics": {
        "type": "String",
        "metadata": {
          "displayName": "Log Analytics workspace",
          "description": "Auto provision the Log Analytics agent on your subscriptions to monitor and collect security data using a custom workspace.",
          "strongType": "omsWorkspace"
        }
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Resources/subscriptions"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Security/autoProvisioningSettings",
          "deploymentScope": "Subscription",
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "existenceCondition": {
            "field": "Microsoft.Security/autoProvisioningSettings/autoProvision",
            "equals": "On"
          },
          "deployment": {
            "location": "westus",
            "properties": {
              "mode": "incremental",
              "parameters": {
                "logAnalytics": {
                "value": "[parameters('logAnalytics')]"
                }
              },
              "template": {
                "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "logAnalytics": {
                    "type": "string"
                  }
                },
                "variables": {
                  
                },
                "resources": [
                  {
                    "type": "Microsoft.Security/autoProvisioningSettings",
                    "name": "default",
                    "apiVersion": "2017-08-01-preview",
                    "properties": {
                      "autoProvision": "On"
                    }
                  },
                  {
                    "type": "Microsoft.Security/workspaceSettings",
                    "apiVersion": "2017-08-01-preview",
                    "name": "default",
                    "properties": {
                    "workspaceId": "[parameters('logAnalytics')]",
                    "scope": "[subscription().id]"
                    }
                  }
                ]
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/8e7da0a5-0a0e-4bbc-bfc0-7773c018b616",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "8e7da0a5-0a0e-4bbc-bfc0-7773c018b616"
}