last sync: 2021-Sep-24 16:09:49 UTC

Azure Policy definition

Activity log should be retained for at least one year

Name Activity log should be retained for at least one year
Azure Portal
Id b02aacc0-b073-424e-8298-42b22829ee0a
Version 1.0.0
details on versioning
Category Monitoring
Microsoft docs
Description This policy audits the activity log if the retention is not set for 365 days or forever (retention days set to 0).
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Used RBAC Role none
History none
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Preview]: CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance Preview
CIS Microsoft Azure Foundations Benchmark v1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d Regulatory Compliance GA
JSON
{
  "displayName": "Activity log should be retained for at least one year",
  "policyType": "BuiltIn",
  "mode": "All",
  "description": "This policy audits the activity log if the retention is not set for 365 days or forever (retention days set to 0).",
  "metadata": {
    "version": "1.0.0",
    "category": "Monitoring"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    }
  },
  "policyRule": {
    "if": {
      "field": "type",
      "equals": "Microsoft.Resources/subscriptions"
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.Insights/logProfiles",
        "existenceCondition": {
          "anyOf": [
            {
              "allOf": [
                {
                  "field": "Microsoft.Insights/logProfiles/retentionPolicy.enabled",
                  "equals": "true"
                },
                {
                  "field": "Microsoft.Insights/logProfiles/retentionPolicy.days",
                  "equals": "365"
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "Microsoft.Insights/logProfiles/retentionPolicy.enabled",
                  "equals": "false"
                },
                {
                  "field": "Microsoft.Insights/logProfiles/retentionPolicy.days",
                  "equals": "0"
                }
              ]
            }
          ]
        }
      }
    }
  }
}