last sync: 2020-Oct-30 14:31:57 UTC

Azure Policy definition

Diagnostic logs in App Services should be enabled

Name Diagnostic logs in App Services should be enabled
Id b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0
Version 2.0.0
Category App Service
Description Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised.
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Used RBAC Role none
History none
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Preview]: Azure Security Benchmark 42a694ed-f65e-42b2-aa9e-8052e9740a92 Regulatory Compliance Preview
Enable Monitoring in Azure Security Center 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA
Enable Monitoring in Azure Security Center 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA
Json
{
  "properties": {
    "displayName": "Diagnostic logs in App Services should be enabled",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Audit enabling of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised",
    "metadata": {
      "version": "2.0.0",
      "category": "App Service"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Web/sites"
          },
          {
            "field": "kind",
            "notContains": "functionapp"
          },
          {
            "field": "kind",
            "notContains": "linux"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Web/sites/config",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Web/sites/config/detailedErrorLoggingEnabled",
                "equals": "true"
              },
              {
                "field": "Microsoft.Web/sites/config/httpLoggingEnabled",
                "equals": "true"
              },
              {
                "field": "Microsoft.Web/sites/config/requestTracingEnabled",
                "equals": "true"
              }
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0"
}