AzPolicyAdvertizer

last sync: 2020-Jul-03 15:47:34 UTC

Azure Policy

An activity log alert should exist for specific Policy operations

Policy DisplayName An activity log alert should exist for specific Policy operations

Policy Id c5447c04-a4d7-4ba8-a263-c9ee321a6858

Policy Category Monitoring

Policy Description This policy audits specific Policy operations with no activity log alerts configured.

Policy Mode All

Policy Type BuiltIn

Policy in Preview FALSE

Policy Deprecated FALSE

Policy Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists,Disabled)

Roles used none

Policy Changes

Date/Time (UTC ymd) (i)	Change	Change detail
2020-01-29 21:53:30	add: Policy	c5447c04-a4d7-4ba8-a263-c9ee321a6858

Used in Policy Initiative(s)

Initiative DisplayName	Initiative Id
CIS Microsoft Azure Foundations Benchmark 1.1.0	1a5bb27d-173f-493e-9568-eb56638dde4d

Policy Rule

{
  "properties": {
    "displayName": "An activity log alert should exist for specific Policy operations",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "This policy audits specific Policy operations with no activity log alerts configured.",
    "metadata": {
      "version": "2.0.0",
      "category": "Monitoring"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "operationName": {
        "type": "String",
        "metadata": {
          "displayName": "Operation Name",
          "description": "Policy Operation name for which activity log alert should exist"
        },
        "allowedValues": [
          "Microsoft.Authorization/policyAssignments/write",
          "Microsoft.Authorization/policyAssignments/delete"
        ]
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Resources/subscriptions"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Insights/ActivityLogAlerts",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Insights/ActivityLogAlerts/enabled",
                "equals": "true"
              },
              {
                "count": {
                "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
                  "where": {
                    "anyOf": [
                      {
                        "allOf": [
                          {
                          "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field",
                            "equals": "category"
                          },
                          {
                          "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals",
                            "equals": "Policy"
                          }
                        ]
                      },
                      {
                        "allOf": [
                          {
                          "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field",
                            "equals": "operationName"
                          },
                          {
                          "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals",
                          "equals": "[parameters('operationName')]"
                          }
                        ]
                      }
                    ]
                  }
                },
                "equals": 2
              },
              {
                "not": {
                "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field",
                  "equals": "category"
                }
              },
              {
                "not": {
                "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field",
                  "equals": "operationName"
                }
              }
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "c5447c04-a4d7-4ba8-a263-c9ee321a6858"
}

Azure Policy

An activity log alert should exist for specific Policy operations

Popular