AzInitiativeAdvertizer

last sync: 2024-Jul-26 18:18:00 UTC

[Preview]: Control the use of diagnostic settings for specific resources in a Virtual Enclave

Azure BuiltIn Policy Initiative (PolicySet)

Source Azure Portal
Display name[Preview]: Control the use of diagnostic settings for specific resources in a Virtual Enclave
Id0a9ea1cb-7925-47fc-b0fe-8bb0a8190423
Version1.0.0-preview
Details on versioning
CategoryVirtualEnclaves
Microsoft Learn
DescriptionThis initiative deploys Azure policies to ensure configuration of specific resource types in Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves
TypeBuiltIn
DeprecatedFalse
PreviewTrue
Policy count Total Policies: 25
Builtin Policies: 25
Static Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect Roles# Roles State
Configure Azure SQL database servers diagnostic settings to Log Analytics workspace 7ea8a143-05e3-4553-abfe-f56bef8b0b70 SQL Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 2 Log Analytics Contributor, SQL Security Manager GA
Configure diagnostic settings for Azure Network Security Groups to Log Analytics workspace 98a2e215-5382-489e-bd29-32e7190a39ba Network Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 2 Log Analytics Contributor, Monitoring Contributor GA
Configure diagnostic settings for Blob Services to Log Analytics workspace b4fe1a3b-0715-4c6c-a5ea-ffc33cf823cb Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 2 Log Analytics Contributor, Monitoring Contributor GA
Configure diagnostic settings for File Services to Log Analytics workspace 25a70cc8-2bd4-47f1-90b6-1478e4662c96 Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 2 Log Analytics Contributor, Monitoring Contributor GA
Configure diagnostic settings for Queue Services to Log Analytics workspace 7bd000e3-37c7-4928-9f31-86c4b77c5c45 Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 2 Log Analytics Contributor, Monitoring Contributor GA
Configure diagnostic settings for Storage Accounts to Log Analytics workspace 59759c62-9a22-4cdf-ae64-074495983fef Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 2 Log Analytics Contributor, Monitoring Contributor GA
Configure diagnostic settings for Table Services to Log Analytics workspace 2fb86bf3-d221-43d1-96d1-2434af34eaa0 Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 2 Log Analytics Contributor, Monitoring Contributor GA
Deploy - Configure diagnostic settings for Azure Kubernetes Service to Log Analytics workspace 6c66c325-74c8-42fd-a286-a74b0e2939d8 Kubernetes Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 2 Log Analytics Contributor, Monitoring Contributor GA
Deploy - Configure diagnostic settings for SQL Databases to Log Analytics workspace b79fa14e-238a-4c2d-b376-442ce508fc84 SQL Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 2 Log Analytics Contributor, Monitoring Contributor GA
Deploy Diagnostic Settings for Key Vault to Log Analytics workspace bef3f64c-5290-43b7-85b0-9b254eef4c47 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 2 Log Analytics Contributor, Monitoring Contributor GA
Deploy Diagnostic Settings for Logic Apps to Log Analytics workspace b889a06c-ec72-4b03-910a-cb169ee18721 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 2 Log Analytics Contributor, Monitoring Contributor GA
Enable logging by category group for App Service (microsoft.web/sites) to Log Analytics c0d8e23a-47be-4032-961f-8b0ff3957061 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Application group (microsoft.desktopvirtualization/applicationgroups) to Log Analytics 3aa571d2-2e4f-4e92-8a30-4312860efbe1 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Application Insights (Microsoft.Insights/components) to Log Analytics (Virtual Enclaves) 244bcb20-b194-41f3-afcc-63aef382b64c Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Azure Cosmos DB (microsoft.documentdb/databaseaccounts) to Log Analytics 45c6bfc7-4520-4d64-a158-730cd92eedbc Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Container registries (microsoft.containerregistry/registries) to Log Analytics 56288eb2-4350-461d-9ece-2bb242269dce Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Firewall (microsoft.network/azurefirewalls) to Log Analytics a4490248-cb97-4504-b7fb-f906afdb7437 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Function App (microsoft.web/sites) to Log Analytics e9c22e0d-1f03-44da-a9d5-a9754ea53dc4 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Host pool (microsoft.desktopvirtualization/hostpools) to Log Analytics 6f95136f-6544-4722-a354-25a18ddb18a7 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Log Analytics workspaces (microsoft.operationalinsights/workspaces) to Log Analytics 818719e5-1338-4776-9a9d-3c31e4df5986 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for PostgreSQL flexible server (microsoft.dbforpostgresql/flexibleservers) to Log Analytics cdd1dbc6-0004-4fcd-afd7-b67550de37ff Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Public IP addresses (microsoft.network/publicipaddresses) to Log Analytics 1513498c-3091-461a-b321-e9b433218d28 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Service Bus Namespaces (microsoft.servicebus/namespaces) to Log Analytics 0277b2d5-6e6f-4d97-9929-a5c4eab56fd7 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for SQL managed instances (microsoft.sql/managedinstances) to Log Analytics 8fc4ca5f-6abc-4b30-9565-0bd91ac49420 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Workspace (microsoft.desktopvirtualization/workspaces) to Log Analytics 6bb23bce-54ea-4d3d-b07d-628ce0f2e4e3 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Roles used Total Roles usage: 36
Total Roles unique usage: 3
Role Role Id Policies count Policies
SQL Security Manager 056cd41c-7e88-42e1-933e-88ba6a50c9c3 1 Configure Azure SQL database servers diagnostic settings to Log Analytics workspace
Monitoring Contributor 749f88d5-cbae-40b8-bcfc-e573ddc772fa 10 Configure diagnostic settings for Azure Network Security Groups to Log Analytics workspace, Configure diagnostic settings for Blob Services to Log Analytics workspace, Configure diagnostic settings for File Services to Log Analytics workspace, Configure diagnostic settings for Queue Services to Log Analytics workspace, Configure diagnostic settings for Storage Accounts to Log Analytics workspace, Configure diagnostic settings for Table Services to Log Analytics workspace, Deploy - Configure diagnostic settings for Azure Kubernetes Service to Log Analytics workspace, Deploy - Configure diagnostic settings for SQL Databases to Log Analytics workspace, Deploy Diagnostic Settings for Key Vault to Log Analytics workspace, Deploy Diagnostic Settings for Logic Apps to Log Analytics workspace
Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293 25 Configure Azure SQL database servers diagnostic settings to Log Analytics workspace, Configure diagnostic settings for Azure Network Security Groups to Log Analytics workspace, Configure diagnostic settings for Blob Services to Log Analytics workspace, Configure diagnostic settings for File Services to Log Analytics workspace, Configure diagnostic settings for Queue Services to Log Analytics workspace, Configure diagnostic settings for Storage Accounts to Log Analytics workspace, Configure diagnostic settings for Table Services to Log Analytics workspace, Deploy - Configure diagnostic settings for Azure Kubernetes Service to Log Analytics workspace, Deploy - Configure diagnostic settings for SQL Databases to Log Analytics workspace, Deploy Diagnostic Settings for Key Vault to Log Analytics workspace, Deploy Diagnostic Settings for Logic Apps to Log Analytics workspace, Enable logging by category group for App Service (microsoft.web/sites) to Log Analytics, Enable logging by category group for Application group (microsoft.desktopvirtualization/applicationgroups) to Log Analytics, Enable logging by category group for Application Insights (Microsoft.Insights/components) to Log Analytics (Virtual Enclaves), Enable logging by category group for Azure Cosmos DB (microsoft.documentdb/databaseaccounts) to Log Analytics, Enable logging by category group for Container registries (microsoft.containerregistry/registries) to Log Analytics, Enable logging by category group for Firewall (microsoft.network/azurefirewalls) to Log Analytics, Enable logging by category group for Function App (microsoft.web/sites) to Log Analytics, Enable logging by category group for Host pool (microsoft.desktopvirtualization/hostpools) to Log Analytics, Enable logging by category group for Log Analytics workspaces (microsoft.operationalinsights/workspaces) to Log Analytics, Enable logging by category group for PostgreSQL flexible server (microsoft.dbforpostgresql/flexibleservers) to Log Analytics, Enable logging by category group for Public IP addresses (microsoft.network/publicipaddresses) to Log Analytics, Enable logging by category group for Service Bus Namespaces (microsoft.servicebus/namespaces) to Log Analytics, Enable logging by category group for SQL managed instances (microsoft.sql/managedinstances) to Log Analytics, Enable logging by category group for Workspace (microsoft.desktopvirtualization/workspaces) to Log Analytics
History
Date/Time (UTC ymd) (i) Changes
2024-02-23 19:01:26 add Initiative 0a9ea1cb-7925-47fc-b0fe-8bb0a8190423
JSON compare n/a
JSON
api-version=2021-06-01
EPAC