AzPolicyAdvertizer

last sync: 2025-Aug-20 17:22:59 UTC

Audit enabling of diagnostic logs in Event Hub

Community Policy definition

Source Repository Community-Policy GitHub
JSON Community-Policy GitHub
Deploy policy fc64cb3d-51bb-4985-b164-076ff1f88e8e (1.0.0) to Azure
Display name Audit enabling of diagnostic logs in Event Hub
Id fc64cb3d-51bb-4985-b164-076ff1f88e8e
Version 1.0.0
Details on versioning
Category Monitoring
Microsoft Learn
Description Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised
Mode Indexed
Type Custom Community
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days microsoft.insights diagnosticSettings properties.logs[*].retentionPolicy.days True False
Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled microsoft.insights diagnosticSettings properties.logs[*].retentionPolicy.enabled True False
Rule resource types IF (1)
Microsoft.EventHub/namespaces
JSON
EPAC
Deploy policy fc64cb3d-51bb-4985-b164-076ff1f88e8e (1.0.0) to Azure