last sync: 2022-Jul-01 16:32:34 UTC

Azure Policy definition

Resource logs in Azure Key Vault Managed HSM should be enabled

Name Resource logs in Azure Key Vault Managed HSM should be enabled
Azure Portal
Id a2a5b911-5617-447e-a49e-59dbe0e0434b
Version 1.0.0
details on versioning
Category Key Vault
Microsoft docs
Description To recreate activity trails for investigation purposes when a security incident occurs or when your network is compromised, you may want to audit by enabling resource logs on Managed HSMs. Please follow the instructions here:
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Used RBAC Role none
Rule Aliases THEN-ExistenceCondition (5)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Insights/diagnosticSettings/logs.enabled microsoft.insights diagnosticSettings properties.logs[*].enabled false
Microsoft.Insights/diagnosticSettings/logs[*] microsoft.insights diagnosticSettings properties.logs[*] false
Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days microsoft.insights diagnosticSettings properties.logs[*].retentionPolicy.days false
Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled microsoft.insights diagnosticSettings properties.logs[*].retentionPolicy.enabled false
Microsoft.Insights/diagnosticSettings/storageAccountId microsoft.insights diagnosticSettings properties.storageAccountId false
Rule ResourceTypes IF (1)
Date/Time (UTC ymd) (i) Change type Change detail
2021-02-17 14:28:42 add a2a5b911-5617-447e-a49e-59dbe0e0434b
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: RMIT Malaysia 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6 Regulatory Compliance Preview BuiltIn
CIS Microsoft Azure Foundations Benchmark v1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn