AzPolicyAdvertizer

last sync: 2023-Jun-19 17:45:01 UTC

Community Policy definition

SQL Server Auditing Settings must log to specified Workspace

Name SQL Server Auditing Settings must log to specified Workspace
Community-Policy GitHub
Id sql_sql-server-auditing-settings-must-log-to-specified-workspace
Version n/a
details on versioning
Category undefined
Microsoft docs
Description This compliments an existing built-in Policy: https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/DataConnectosSqServerLogs_PolicyAssignment.json. This Policy is designed to detect if the Workspace configured for your audit settings has been changed and if so, change them back.
Mode Indexed
Type Custom Community
Effect Fixed
DeployIfNotExists
Used RBAC Role
Role Name Role Id
Monitoring Contributor 749f88d5-cbae-40b8-bcfc-e573ddc772fa
Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293
Rule Aliases THEN-ExistenceCondition (4)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Insights/diagnosticSettings/logs[*] microsoft.insights diagnosticSettings properties.logs[*] false
Microsoft.Insights/diagnosticSettings/logs[*].category microsoft.insights diagnosticSettings properties.logs[*].category false
Microsoft.Insights/diagnosticSettings/logs[*].enabled microsoft.insights diagnosticSettings properties.logs[*].enabled false
Microsoft.Insights/diagnosticSettings/workspaceId microsoft.insights diagnosticSettings properties.workspaceId false
Rule ResourceTypes IF (1)
Microsoft.Sql/servers/databases
JSON