AzInitiativeAdvertizer

last sync: 2024-Apr-22 16:33:19 UTC

Enable audit category group resource logging for supported resources to storage

Azure BuiltIn Policy Initiative (PolicySet)

Source Azure Portal
Display nameEnable audit category group resource logging for supported resources to storage
Id8d723fb6-6680-45be-9d37-b1a4adb52207
Version1.0.0
Details on versioning
CategoryMonitoring
Microsoft Learn
DescriptionResource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This initiative deploys diagnostic setting using the audit category group to route logs to storage for all supported resources.
TypeBuiltIn
DeprecatedFalse
PreviewFalse
Policy count Total Policies: 33
Builtin Policies: 33
Static Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect Roles# Roles State
Enable logging by category group for API Management services (microsoft.apimanagement/service) to Storage 6f3f5778-f809-4755-9d8f-bd5a5a7add85 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for App Configuration (microsoft.appconfiguration/configurationstores) to Storage 2e8a8853-917a-4d26-9c3a-c92a7fa031e8 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Attestation providers (microsoft.attestation/attestationproviders) to Storage 39741c6f-5e8b-4511-bba4-6662d0e0e2ac Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Automation Accounts (microsoft.automation/automationaccounts) to Storage 07c818eb-df75-4465-9233-6a8667e86670 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for AVS Private clouds (microsoft.avs/privateclouds) to Storage 50cebe4c-8021-4f07-bcb2-6c80622444a9 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Azure Cache for Redis (microsoft.cache/redis) to Storage d3e11828-02c8-40d2-a518-ad01508bb4d7 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Azure FarmBeats (microsoft.agfoodplatform/farmbeats) to Storage 0f708273-cf83-4d29-b31b-ebaf8d0eb8c2 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Azure Machine Learning (microsoft.machinelearningservices/workspaces) to Storage a8de4d0a-d637-4684-b70e-6df73b74d117 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Bastions (microsoft.network/bastionhosts) to Storage be9259e2-a221-4411-84fd-dd22c6691653 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Cognitive Services (microsoft.cognitiveservices/accounts) to Storage 14e81583-c89c-47db-af0d-f9ddddcccd9f Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Container registries (microsoft.containerregistry/registries) to Storage 106cd3bd-50a1-466c-869f-f9c2d310477b Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Event Grid Domains (microsoft.eventgrid/domains) to Storage 03a087c0-b49f-4440-9ae5-013703eccc8c Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Event Grid Partner Namespaces (microsoft.eventgrid/partnernamespaces) to Storage f873a711-0322-4744-8322-7e62950fbec2 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Event Grid Topics (microsoft.eventgrid/topics) to Storage fcfe6bfa-dd36-40ef-ab2b-ed46f7d4abdb Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Event Hubs Namespaces (microsoft.eventhub/namespaces) to Storage e20f31d7-6b6d-4644-962a-ae513a85ab0b Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Front Door and CDN profiles (microsoft.cdn/profiles) to Storage 9f4e810a-899e-4e5e-8174-abfcf15739a3 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Front Door and CDN profiles (microsoft.network/frontdoors) to Storage d147ba9f-3e17-40b1-9c23-3bca478ba804 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for IoT Hub (microsoft.devices/iothubs) to Storage 94d707a8-ce27-4851-9ce2-07dfe96a095b Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Key vaults (microsoft.keyvault/vaults) to Storage edf35972-ed56-4c2f-a4a1-65f0471ba702 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Log Analytics workspaces (microsoft.operationalinsights/workspaces) to Storage fe85de62-a656-4b79-9d94-d95c89319bd9 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Managed HSMs (microsoft.keyvault/managedhsms) to Storage 5a6186f9-04a4-4320-b6ed-a1c3f2ebbc3b Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Media Services (microsoft.media/mediaservices) to Storage 0925a080-ab8d-44a1-a39c-61e184b4d8f9 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Microsoft Purview accounts (microsoft.purview/accounts) to Storage fc66c506-9397-485e-9451-acc1525f0070 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for microsoft.network/p2svpngateways to Storage 00ec9865-beb6-4cfd-82ed-bd8f50756acd Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Public IP addresses (microsoft.network/publicipaddresses) to Storage 39aa567d-69c2-4cc0-aaa9-76c6d4006b14 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Service Bus Namespaces (microsoft.servicebus/namespaces) to Storage 3dd58519-427e-42a4-8ffc-e415a3c716f1 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for SignalR (microsoft.signalrservice/signalr) to Storage 0e0c742d-5031-4e65-bf96-1bee7cf55740 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for SQL databases (microsoft.sql/servers/databases) to Storage 8656d368-0643-4374-a63f-ae0ed4da1d9a Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for SQL managed instances (microsoft.sql/managedinstances) to Storage 40654dcd-0b26-49d6-aeaf-d12d7c1e8c4d Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Video Analyzers (microsoft.media/videoanalyzers) to Storage f08edf17-5de2-4966-8c62-a50a3f4368ff Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Virtual network gateways (microsoft.network/virtualnetworkgateways) to Storage b4a9c220-1d62-4163-a17b-30db7d5b7278 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Volumes (microsoft.netapp/netappaccounts/capacitypools/volumes) to Storage 20f21bc7-b0b8-4d57-83df-5a8a0912b934 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Enable logging by category group for Web PubSub Service (microsoft.signalrservice/webpubsub) to Storage bf6af3d2-fbd5-458f-8a40-2556cf539b45 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled		 1 Log Analytics Contributor GA
Roles used Total Roles usage: 33
Total Roles unique usage: 1
Role Role Id Policies count Policies
Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293 33 Enable logging by category group for API Management services (microsoft.apimanagement/service) to Storage, Enable logging by category group for App Configuration (microsoft.appconfiguration/configurationstores) to Storage, Enable logging by category group for Attestation providers (microsoft.attestation/attestationproviders) to Storage, Enable logging by category group for Automation Accounts (microsoft.automation/automationaccounts) to Storage, Enable logging by category group for AVS Private clouds (microsoft.avs/privateclouds) to Storage, Enable logging by category group for Azure Cache for Redis (microsoft.cache/redis) to Storage, Enable logging by category group for Azure FarmBeats (microsoft.agfoodplatform/farmbeats) to Storage, Enable logging by category group for Azure Machine Learning (microsoft.machinelearningservices/workspaces) to Storage, Enable logging by category group for Bastions (microsoft.network/bastionhosts) to Storage, Enable logging by category group for Cognitive Services (microsoft.cognitiveservices/accounts) to Storage, Enable logging by category group for Container registries (microsoft.containerregistry/registries) to Storage, Enable logging by category group for Event Grid Domains (microsoft.eventgrid/domains) to Storage, Enable logging by category group for Event Grid Partner Namespaces (microsoft.eventgrid/partnernamespaces) to Storage, Enable logging by category group for Event Grid Topics (microsoft.eventgrid/topics) to Storage, Enable logging by category group for Event Hubs Namespaces (microsoft.eventhub/namespaces) to Storage, Enable logging by category group for Front Door and CDN profiles (microsoft.cdn/profiles) to Storage, Enable logging by category group for Front Door and CDN profiles (microsoft.network/frontdoors) to Storage, Enable logging by category group for IoT Hub (microsoft.devices/iothubs) to Storage, Enable logging by category group for Key vaults (microsoft.keyvault/vaults) to Storage, Enable logging by category group for Log Analytics workspaces (microsoft.operationalinsights/workspaces) to Storage, Enable logging by category group for Managed HSMs (microsoft.keyvault/managedhsms) to Storage, Enable logging by category group for Media Services (microsoft.media/mediaservices) to Storage, Enable logging by category group for Microsoft Purview accounts (microsoft.purview/accounts) to Storage, Enable logging by category group for microsoft.network/p2svpngateways to Storage, Enable logging by category group for Public IP addresses (microsoft.network/publicipaddresses) to Storage, Enable logging by category group for Service Bus Namespaces (microsoft.servicebus/namespaces) to Storage, Enable logging by category group for SignalR (microsoft.signalrservice/signalr) to Storage, Enable logging by category group for SQL databases (microsoft.sql/servers/databases) to Storage, Enable logging by category group for SQL managed instances (microsoft.sql/managedinstances) to Storage, Enable logging by category group for Video Analyzers (microsoft.media/videoanalyzers) to Storage, Enable logging by category group for Virtual network gateways (microsoft.network/virtualnetworkgateways) to Storage, Enable logging by category group for Volumes (microsoft.netapp/netappaccounts/capacitypools/volumes) to Storage, Enable logging by category group for Web PubSub Service (microsoft.signalrservice/webpubsub) to Storage
History
Date/Time (UTC ymd) (i) Changes
2023-02-16 18:41:09 add Initiative 8d723fb6-6680-45be-9d37-b1a4adb52207
JSON compare n/a
JSON
api-version=2021-06-01
EPAC