AzPolicyAdvertizer

last sync: 2025-Apr-29 17:16:02 UTC

Deploy a Flow Log resource with target virtual network

Azure BuiltIn Policy definition

Source Azure Portal
Display name Deploy a Flow Log resource with target virtual network
Id cd6f7aff-2845-4dab-99f2-6d1754a754b0
Version 1.1.1
Details on versioning
Versioning Versions supported for Versioning: 3
1.1.1
1.1.0
1.0.0
Built-in Versioning [Preview]
Category Network
Microsoft Learn
Description Configures flow log for specific virtual network. It will allow to log information about IP traffic flowing through an virtual network. Flow log helps to identify unknown or undesired traffic, verify network isolation and compliance with enterprise access rules, analyze network flows from compromised IPs and network interfaces.
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Assessment(s) Assessments count: 1
Assessment Id: d76e3798-ff8d-4f0f-996c-12e275a58b9f
DisplayName: Flows logs should be enabled on Virtual Networks
Description: Defender for Cloud identified Virtual Networks without enabled flow logs. Enabling flow logs allows to log information about IP traffic flowing through virtual network. It can be used for optimizing network flows, monitoring throughput, verifying compliance, detecting intrusions and more. Without Flow Logs it is not possible to know the current state of the network, who's connecting, and where users are connecting from.
Remediation description: To enable Flow Log on Virtual Network:
1. In the Azure portal, navigate to your virtual network.
2. Under 'Monitoring', select 'Virtual network flow logs'.
3. Select '+ Create' or 'Create flow log' blue button.

For more details, follow the instructions.

Important: Flow Logs are billed separately from virtual networks and Defender for Cloud. Learn more about Network Watcher pricing.
Categories: Networking
Severity: Low
User impact: Low
Implementation effort: Low
Threats: DataExfiltration, ThreatResistance
preview: True
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
RBAC role(s)
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
Rule aliases THEN-Details (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Network/virtualNetworks/flowLogs Microsoft.Network virtualNetworks properties.flowLogs True False
Microsoft.Network/virtualNetworks/flowLogs[*].id Microsoft.Network virtualNetworks properties.flowLogs[*].id True False
THEN-ExistenceCondition (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Network/networkWatchers/flowLogs/enabled Microsoft.Network networkWatchers/flowLogs properties.enabled True False
Microsoft.Network/networkWatchers/flowLogs/storageId Microsoft.Network networkWatchers/flowLogs properties.storageId True False
Rule resource types IF (1)
THEN-Deployment (2)
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2024-02-13 19:27:15 change Patch (1.1.0 > 1.1.1)
2024-01-12 18:35:06 change Minor (1.0.0 > 1.1.0)
2023-04-06 17:42:16 add cd6f7aff-2845-4dab-99f2-6d1754a754b0
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC