AzPolicyAdvertizer

last sync: 2023-Jun-01 17:45:04 UTC

Azure Policy definition

Enable logging by category group for Key vaults (microsoft.keyvault/vaults) to Storage

Name

Enable logging by category group for Key vaults (microsoft.keyvault/vaults) to Storage
Azure Portal

edf35972-ed56-4c2f-a4a1-65f0471ba702

Version

1.0.0
details on versioning

Category

Monitoring
Microsoft docs

Description

Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for Key vaults (microsoft.keyvault/vaults).

Mode

Indexed

Type

BuiltIn

Preview

FALSE

Deprecated

FALSE

Effect

Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled

RBAC
Role(s)

Role Name	Role Id
Log Analytics Contributor	92aaf0da-9dab-42b6-94a3-d43ce8d16293

Rule
Aliases

THEN-ExistenceCondition (4)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Insights/diagnosticSettings/logs[*]	microsoft.insights	diagnosticSettings	properties.logs[*]	false
microsoft.insights/diagnosticSettings/logs[*].categoryGroup	microsoft.insights	diagnosticSettings	properties.logs[*].categoryGroup	false
Microsoft.Insights/diagnosticSettings/logs[*].enabled	microsoft.insights	diagnosticSettings	properties.logs[*].enabled	false
Microsoft.Insights/diagnosticSettings/storageAccountId	microsoft.insights	diagnosticSettings	properties.storageAccountId	false

Rule
ResourceTypes

IF (1)
Microsoft.keyvault/vaults

Compliance

Not a Compliance control

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2023-02-10 18:41:56	add	edf35972-ed56-4c2f-a4a1-65f0471ba702

Initiatives
usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
Enable audit category group resource logging for supported resources to storage	8d723fb6-6680-45be-9d37-b1a4adb52207	Monitoring	GA	BuiltIn

JSON