last sync: 2020-Aug-07 14:05:09 UTC

Azure Policy

[Preview]: Deploy Diagnostic Settings for Recovery Services Vault to Log Analytics workspace for resource specific categories.

Policy DisplayName [Preview]: Deploy Diagnostic Settings for Recovery Services Vault to Log Analytics workspace for resource specific categories.
Policy Id c717fb0c-d118-4c43-ab3d-ece30ac81fb3
Policy Category Monitoring
Policy Description Deploy Diagnostic Settings for Recovery Services Vault to stream to Log Analytics workspace for Resource specific categories. If any of the Resource specific categories are not enabled, a new diagnostic setting is created.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview True
Policy Deprecated FALSE
Policy Effect Fixed: deployIfNotExists
Roles used
Role Name Role Id
Monitoring Contributor 749f88d5-cbae-40b8-bcfc-e573ddc772fa
Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-02-12 02:52:44 add: Policy c717fb0c-d118-4c43-ab3d-ece30ac81fb3
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
  "displayName": "[Preview]: Deploy Diagnostic Settings for Recovery Services Vault to Log Analytics workspace for resource specific categories.",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Deploy Diagnostic Settings for Recovery Services Vault to stream to Log Analytics workspace for Resource specific categories. If any of the Resource specific categories are not enabled, a new diagnostic setting is created.",
    "metadata": {
      "version": "1.0.0-preview",
      "preview": true,
      "category": "Monitoring"
    },
    "parameters": {
      "profileName": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Profile name",
          "description": "The diagnostic settings profile name"
        },
        "defaultValue": "setbypolicy_logAnalytics"
      },
      "logAnalytics": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Log Analytics workspace",
          "description": "Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.",
          "strongType": "omsWorkspace",
          "assignPermissions": true
        }
      },
      "tagName": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Exclusion Tag Name",
          "description": "Name of the tag to use for excluding vaults from this policy. This should be used along with the Exclusion Tag Value parameter."
        },
        "defaultValue": ""
      },
      "tagValue": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Exclusion Tag Value",
          "description": "Value of the tag to use for excluding vaults from this policy. This should be used along with the Exclusion Tag Name parameter."
        },
        "defaultValue": ""
      }
    },
    "policyRule": {
      "if": {
        "allof": [
          {
            "field": "type",
            "equals": "Microsoft.RecoveryServices/vaults"
          },
          {
            "not": {
            "field": "[concat('tags[',parameters('tagName'), ']')]",
            "equals": "[parameters('tagValue')]"
            }
          }
        ]
      },
      "then": {
        "effect": "deployIfNotExists",
        "details": {
          "type": "Microsoft.Insights/diagnosticSettings",
          "existenceCondition": {
            "allof": [
              {
                "count": {
                "field": "Microsoft.Insights/diagnosticSettings/logs[*]",
                  "where": {
                    "allof": [
                      {
                      "field": "Microsoft.Insights/diagnosticSettings/logs[*].Category",
                        "in": [
                          "CoreAzureBackup",
                          "AddonAzureBackupJobs",
                          "AddonAzureBackupAlerts",
                          "AddonAzureBackupPolicy",
                          "AddonAzureBackupStorage",
                          "AddonAzureBackupProtectedInstance"
                        ]
                      },
                      {
                      "field": "Microsoft.Insights/diagnosticSettings/logs[*].Enabled",
                        "equals": "True"
                      }
                    ]
                  }
                },
                "Equals": 6
              },
              {
                "field": "Microsoft.Insights/diagnosticSettings/workspaceId",
                "notEquals": ""
              },
              {
                "field": "Microsoft.Insights/diagnosticSettings/logAnalyticsDestinationType",
                "equals": "Dedicated"
              }
            ]
          },
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
            "/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"
          ],
          "deployment": {
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "vaultName": {
                    "type": "string"
                  },
                  "logAnalytics": {
                    "type": "string"
                  },
                  "profileName": {
                    "type": "string"
                  }
                },
                "variables": {
                  
                },
                "resources": [
                  {
                    "type": "Microsoft.RecoveryServices/vaults/providers/diagnosticSettings",
                    "apiVersion": "2017-05-01-preview",
                  "name": "[concat(parameters('vaultName'), '/', 'Microsoft.Insights/', parameters('profileName'))]",
                    "dependsOn": [
                      
                    ],
                    "properties": {
                    "workspaceId": "[parameters('logAnalytics')]",
                      "logAnalyticsDestinationType": "Dedicated",
                      "metrics": [
                        
                      ],
                      "logs": [
                        {
                          "category": "CoreAzureBackup",
                          "enabled": "true"
                        },
                        {
                          "category": "AddonAzureBackupAlerts",
                          "enabled": "true"
                        },
                        {
                          "category": "AddonAzureBackupJobs",
                          "enabled": "true"
                        },
                        {
                          "category": "AddonAzureBackupPolicy",
                          "enabled": "true"
                        },
                        {
                          "category": "AddonAzureBackupProtectedInstance",
                          "enabled": "true"
                        },
                        {
                          "category": "AddonAzureBackupStorage",
                          "enabled": "true"
                        }
                      ]
                    }
                  }
                ],
                "outputs": {
                  "policy": {
                    "type": "string",
                  "value": "[concat(parameters('logAnalytics'), 'configured for diagnostic logs for ', ': ', parameters('vaultName'), '/', 'Microsoft.Insights/', parameters('profileName'))]"
                  }
                }
              },
              "parameters": {
                "logAnalytics": {
                "value": "[parameters('logAnalytics')]"
                },
                "vaultName": {
                "value": "[field('name')]"
                },
                "profileName": {
                "value": "[parameters('profileName')]"
                }
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "c717fb0c-d118-4c43-ab3d-ece30ac81fb3"
}