last sync: 2021-Jul-26 15:31:58 UTC

Azure Policy definition

Flow logs should be configured for every network security group

Name Flow logs should be configured for every network security group
Azure Portal
Id c251913d-7d24-4958-af87-478ed3b9ba41
Version 1.1.0
details on versioning
Category Network
Microsoft docs
Description Audit for network security groups to verify if flow logs are configured. Enabling flow logs allows to log information about IP traffic flowing through network security group. It can be used for optimizing network flows, monitoring throughput, verifying compliance, detecting intrusions and more.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-03-09 14:37:41 change Minor (1.0.0 > 1.1.0)
2020-08-27 15:39:26 add c251913d-7d24-4958-af87-478ed3b9ba41
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Preview]: CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance Preview
Flow logs should be configured and enabled for every network security group 62329546-775b-4a3d-a4cb-eb4bb990d2c0 Network GA
JSON Changes

JSON
{
  "properties": {
    "displayName": "Flow logs should be configured for every network security group",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Audit for network security groups to verify if flow logs are configured. Enabling flow logs allows to log information about IP traffic flowing through network security group. It can be used for optimizing network flows, monitoring throughput, verifying compliance, detecting intrusions and more.",
    "metadata": {
      "version": "1.1.0",
      "category": "Network"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allof": [
          {
            "field": "type",
            "equals": "Microsoft.Network/networkSecurityGroups"
          },
          {
            "count": {
            "field": "Microsoft.Network/networkSecurityGroups/flowLogs[*]"
            },
            "equals": 0
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "c251913d-7d24-4958-af87-478ed3b9ba41"
}