last sync: 2021-Jun-15 14:05:41 UTC

Azure Policy definition

Deploy Diagnostic Settings for Recovery Services Vault to Log Analytics workspace for resource specific categories.

Name Deploy Diagnostic Settings for Recovery Services Vault to Log Analytics workspace for resource specific categories.
Azure Portal
Id c717fb0c-d118-4c43-ab3d-ece30ac81fb3
Version 1.0.2
details on versioning
Category Backup
Microsoft docs
Description Deploy Diagnostic Settings for Recovery Services Vault to stream to Log Analytics workspace for Resource specific categories. If any of the Resource specific categories are not enabled, a new diagnostic setting is created.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Fixed: deployIfNotExists
Used RBAC Role
Role Name Role Id
Monitoring Contributor 749f88d5-cbae-40b8-bcfc-e573ddc772fa
Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-02-17 14:28:42 change Version remains equal, old suffix: preview (1.0.2-preview > 1.0.2)
2021-02-10 14:43:58 change Patch, suffix remains equal (1.0.1-preview > 1.0.2-preview)
2020-02-12 02:52:44 add c717fb0c-d118-4c43-ab3d-ece30ac81fb3
Used in Initiatives none
JSON Changes

JSON
{
  "properties": {
    "displayName": "Deploy Diagnostic Settings for Recovery Services Vault to Log Analytics workspace for resource specific categories.",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Deploy Diagnostic Settings for Recovery Services Vault to stream to Log Analytics workspace for Resource specific categories. If any of the Resource specific categories are not enabled, a new diagnostic setting is created.",
    "metadata": {
      "version": "1.0.2",
      "category": "Backup"
    },
    "parameters": {
      "profileName": {
        "type": "String",
        "metadata": {
          "displayName": "Profile name",
          "description": "The diagnostic settings profile name"
        },
        "defaultValue": "setbypolicy_logAnalytics"
      },
      "logAnalytics": {
        "type": "String",
        "metadata": {
          "displayName": "Log Analytics workspace",
          "description": "Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.",
          "strongType": "omsWorkspace",
          "assignPermissions": true
        }
      },
      "tagName": {
        "type": "String",
        "metadata": {
          "displayName": "Exclusion Tag Name",
          "description": "Name of the tag to use for excluding vaults from this policy. This should be used along with the Exclusion Tag Value parameter."
        },
        "defaultValue": ""
      },
      "tagValue": {
        "type": "String",
        "metadata": {
          "displayName": "Exclusion Tag Value",
          "description": "Value of the tag to use for excluding vaults from this policy. This should be used along with the Exclusion Tag Name parameter."
        },
        "defaultValue": ""
      }
    },
    "policyRule": {
      "if": {
        "allof": [
          {
            "field": "type",
            "equals": "Microsoft.RecoveryServices/vaults"
          },
          {
            "not": {
            "field": "[concat('tags[',parameters('tagName'), ']')]",
            "equals": "[parameters('tagValue')]"
            }
          }
        ]
      },
      "then": {
        "effect": "deployIfNotExists",
        "details": {
          "type": "Microsoft.Insights/diagnosticSettings",
          "existenceCondition": {
            "allof": [
              {
                "count": {
                "field": "Microsoft.Insights/diagnosticSettings/logs[*]",
                  "where": {
                    "allof": [
                      {
                      "field": "Microsoft.Insights/diagnosticSettings/logs[*].Category",
                        "in": [
                          "CoreAzureBackup",
                          "AddonAzureBackupJobs",
                          "AddonAzureBackupAlerts",
                          "AddonAzureBackupPolicy",
                          "AddonAzureBackupStorage",
                          "AddonAzureBackupProtectedInstance"
                        ]
                      },
                      {
                      "field": "Microsoft.Insights/diagnosticSettings/logs[*].Enabled",
                        "equals": "True"
                      }
                    ]
                  }
                },
                "Equals": 6
              },
              {
                "field": "Microsoft.Insights/diagnosticSettings/workspaceId",
                "notEquals": ""
              },
              {
                "field": "Microsoft.Insights/diagnosticSettings/logAnalyticsDestinationType",
                "equals": "Dedicated"
              }
            ]
          },
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
            "/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"
          ],
          "deployment": {
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "vaultName": {
                    "type": "string"
                  },
                  "logAnalytics": {
                    "type": "string"
                  },
                  "profileName": {
                    "type": "string"
                  }
                },
                "variables": {
                  
                },
                "resources": [
                  {
                    "type": "Microsoft.RecoveryServices/vaults/providers/diagnosticSettings",
                    "apiVersion": "2017-05-01-preview",
                  "name": "[concat(parameters('vaultName'), '/', 'Microsoft.Insights/', parameters('profileName'))]",
                    "dependsOn": [
                      
                    ],
                    "properties": {
                    "workspaceId": "[parameters('logAnalytics')]",
                      "logAnalyticsDestinationType": "Dedicated",
                      "metrics": [
                        
                      ],
                      "logs": [
                        {
                          "category": "CoreAzureBackup",
                          "enabled": "true"
                        },
                        {
                          "category": "AddonAzureBackupAlerts",
                          "enabled": "true"
                        },
                        {
                          "category": "AddonAzureBackupJobs",
                          "enabled": "true"
                        },
                        {
                          "category": "AddonAzureBackupPolicy",
                          "enabled": "true"
                        },
                        {
                          "category": "AddonAzureBackupProtectedInstance",
                          "enabled": "true"
                        },
                        {
                          "category": "AddonAzureBackupStorage",
                          "enabled": "true"
                        }
                      ]
                    }
                  }
                ],
                "outputs": {
                  "policy": {
                    "type": "string",
                  "value": "[concat(parameters('logAnalytics'), 'configured for resource logs for ', ': ', parameters('vaultName'), '/', 'Microsoft.Insights/', parameters('profileName'))]"
                  }
                }
              },
              "parameters": {
                "logAnalytics": {
                "value": "[parameters('logAnalytics')]"
                },
                "vaultName": {
                "value": "[field('name')]"
                },
                "profileName": {
                "value": "[parameters('profileName')]"
                }
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "c717fb0c-d118-4c43-ab3d-ece30ac81fb3"
}