AzPolicyAdvertizer

last sync: 2025-Apr-29 17:16:02 UTC

[Deprecated] Deploys NSG flow logs and traffic analytics to Log Analytics

Azure Landing Zones (ALZ) Policy definition

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Deploy-Nsg-FlowLogs-to-LA
Display name [Deprecated] Deploys NSG flow logs and traffic analytics to Log Analytics
Id Deploy-Nsg-FlowLogs-to-LA
Version 1.1.0-deprecated
Details on versioning
Category Monitoring
Description [Deprecated] Deprecated by built-in policy. Deploys NSG flow logs and traffic analytics to Log Analytics with a specified retention period. Superseded by https://www.azadvertizer.net/azpolicyadvertizer/e920df7f-9a64-4066-9b58-52684c02a091.html
Cloud environments AzureChinaCloud
AzureCloud
AzureUSGovernment
Mode Indexed
Type Custom Azure Landing Zones (ALZ)
Preview False
Deprecated True
SupersededBy This ALZ Policy definition is superseded by Configure network security groups to enable traffic analytics (e920df7f-9a64-4066-9b58-52684c02a091) BuiltIn
More information on Azure Landing Zones deprecated Policy definitions
Effect Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
RBAC role(s)
Role Name Role Id
Network Contributor 4d97b98b-1d4f-4787-a291-c67834d212e7
Storage Account Key Operator Service Role 81a9662b-bebf-436f-a333-f67b29880f12
Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293
Storage Account Contributor 17d1049b-9a84-46fb-8f53-869881c3d3ab
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
Rule aliases THEN-Details (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Network/networkSecurityGroups/flowLogs Microsoft.Network networkSecurityGroups properties.flowLogs True False
Microsoft.Network/networkSecurityGroups/flowLogs[*].id Microsoft.Network networkSecurityGroups properties.flowLogs[*].id True False
THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Network/networkWatchers/flowLogs/enabled Microsoft.Network networkWatchers/flowLogs properties.enabled True False
Rule resource types IF (1)
Microsoft.Network/networkSecurityGroups
THEN-Deployment (3)
Microsoft.Network/networkWatchers
Microsoft.Resources/deployments
Microsoft.Storage/storageAccounts
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-11-02 02:17:41 change Version remains equal, new suffix: deprecated (1.1.0 > 1.1.0-deprecated)
Superseded by: Configure network security groups to enable traffic analytics (e920df7f-9a64-4066-9b58-52684c02a091) BuiltIn
JSON compare
compare mode: version left: version right:
JSON
EPAC