AzPolicyAdvertizer

last sync: 2025-Jun-24 17:22:20 UTC

Configure Azure Activity logs to stream to specified Event Hub v2

Community Policy definition

Source

Repository Community-Policy GitHub
JSON Community-Policy GitHub

Deploy policy b2215d7b-25ea-411f-8b04-8c30dc61bad9 (1.0.0) to Azure

Display name

Configure Azure Activity logs to stream to specified Event Hub v2

b2215d7b-25ea-411f-8b04-8c30dc61bad9

Version

1.0.0
Details on versioning

Category

Monitoring
Microsoft Learn

Description

Deploys the diagnostic settings for Azure Activity to stream subscriptions audit logs to an Event Hub to monitor subscription-level events. Amended built-in policy to add eventHubName-parameter to stream to a specific event hub. Allows to specify and audit all categories in one policy.

Mode

All

Type

Custom Community

Effect

Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled

RBAC role(s)

Role Name	Role Id
Azure Event Hubs Data Owner	f526a384-b230-433a-b45c-95f59c4a2dec
Log Analytics Contributor	92aaf0da-9dab-42b6-94a3-d43ce8d16293

Rule aliases

THEN-ExistenceCondition (5)

Alias	Namespace	ResourceType	Path	PathIsDefault	Modifiable
Microsoft.Insights/diagnosticSettings/eventHubAuthorizationRuleId	microsoft.insights	diagnosticSettings	properties.eventHubAuthorizationRuleId	True	False
Microsoft.Insights/diagnosticSettings/eventHubName	microsoft.insights	diagnosticSettings	properties.eventHubName	True	False
Microsoft.Insights/diagnosticSettings/logs[*]	microsoft.insights	diagnosticSettings	properties.logs[*]	True	False
Microsoft.Insights/diagnosticSettings/logs[*].category	microsoft.insights	diagnosticSettings	properties.logs[*].category	True	False
Microsoft.Insights/diagnosticSettings/logs[*].enabled	microsoft.insights	diagnosticSettings	properties.logs[*].enabled	True	False

Rule resource types

IF (1)
Microsoft.Resources/subscriptions
THEN-Deployment (1)
Microsoft.Insights/diagnosticSettings

JSON

EPAC