Monitoring - oWretch/policy GitHub Wiki
| Category | Policy | Platform | Landing Zones | Production | Decommissioned | Management | Corp | Connectivity | Sandbox | Identity |
|---|---|---|---|---|---|---|---|---|---|---|
| Monitoring |
[Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines This policy audits Linux Azure Arc machines if the Log Analytics extension is not installed. |
AuditIfNotExists Disabled |
||||||||
| Monitoring |
[Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines This policy audits Windows Azure Arc machines if the Log Analytics extension is not installed. |
Disabled AuditIfNotExists |
||||||||
| Monitoring |
[Preview]: Network traffic data collection agent should be installed on Linux virtual machines Security Center uses the Microsoft Dependency agent to collect network traffic data from your Azure virtual machines to enable advanced network protection features such as traffic visualization on the network map, network hardening recommendations and specific network threats. |
AuditIfNotExists Disabled |
||||||||
| Monitoring |
[Preview]: Network traffic data collection agent should be installed on Windows virtual machines Security Center uses the Microsoft Dependency agent to collect network traffic data from your Azure virtual machines to enable advanced network protection features such as traffic visualization on the network map, network hardening recommendations and specific network threats. |
AuditIfNotExists Disabled |
||||||||
| Monitoring |
Configure Azure Monitor Private Link Scope to use private DNS zones Use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone links to your virtual network to resolve to Azure Monitor private link scope. Learn more at: https://docs.microsoft.com/azure/azure-monitor/logs/private-link-security#connect-to-a-private-endpoint. |
DeployIfNotExists Disabled |
||||||||
| Monitoring |
Configure Dependency agent on Azure Arc enabled Linux servers with Azure Monitoring Agent settings Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Dependency agent virtual machine extension with Azure Monitoring Agent settings. VM insights uses the Dependency agent to collect network metrics and discovered data about processes running on the machine and external process dependencies. See more - https://aka.ms/vminsightsdocs. |
DeployIfNotExists Disabled |
DeployIfNotExists Disabled |
|||||||
| Monitoring |
Configure Dependency agent on Azure Arc enabled Windows servers with Azure Monitoring Agent settings Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Dependency agent virtual machine extension with Azure Monitoring Agent settings. VM insights uses the Dependency agent to collect network metrics and discovered data about processes running on the machine and external process dependencies. See more - https://aka.ms/vminsightsdocs. |
DeployIfNotExists Disabled |
DeployIfNotExists Disabled |
|||||||
| Monitoring |
Configure Linux Arc-enabled machines to run Azure Monitor Agent Automate the deployment of Azure Monitor Agent extension on your Linux Arc-enabled machines for collecting telemetry data from the guest OS. This policy will install the extension if the region is supported. Learn more: https://aka.ms/AMAOverview. |
DeployIfNotExists Disabled |
DeployIfNotExists Disabled |
|||||||
| Monitoring |
Configure Linux Machines to be associated with a Data Collection Rule or a Data Collection Endpoint Deploy Association to link Linux virtual machines, virtual machine scale sets, and Arc machines to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over time as support is increased. |
DeployIfNotExists Disabled |
DeployIfNotExists Disabled |
|||||||
| Monitoring |
Configure Linux virtual machine scale sets to run Azure Monitor Agent with user-assigned managed identity-based authentication Automate the deployment of Azure Monitor Agent extension on your Linux virtual machine scale sets for collecting telemetry data from the guest OS. This policy will install the extension and configure it to use the specified user-assigned managed identity if the OS and region are supported, and skip install otherwise. Learn more: https://aka.ms/AMAOverview. |
DeployIfNotExists Disabled |
DeployIfNotExists Disabled |
|||||||
| Monitoring |
Configure Linux virtual machines to run Azure Monitor Agent with user-assigned managed identity-based authentication Automate the deployment of Azure Monitor Agent extension on your Linux virtual machines for collecting telemetry data from the guest OS. This policy will install the extension and configure it to use the specified user-assigned managed identity if the OS and region are supported, and skip install otherwise. Learn more: https://aka.ms/AMAOverview. |
DeployIfNotExists Disabled |
DeployIfNotExists Disabled |
|||||||
| Monitoring |
Configure Windows Arc-enabled machines to run Azure Monitor Agent Automate the deployment of Azure Monitor Agent extension on your Windows Arc-enabled machines for collecting telemetry data from the guest OS. This policy will install the extension if the OS and region are supported and system-assigned managed identity is enabled, and skip install otherwise. Learn more: https://aka.ms/AMAOverview. |
DeployIfNotExists Disabled |
DeployIfNotExists Disabled |
|||||||
| Monitoring |
Configure Windows Machines to be associated with a Data Collection Rule or a Data Collection Endpoint Deploy Association to link Windows virtual machines, virtual machine scale sets, and Arc machines to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over time as support is increased. |
DeployIfNotExists Disabled |
DeployIfNotExists Disabled |
|||||||
| Monitoring |
Configure Windows virtual machine scale sets to run Azure Monitor Agent with user-assigned managed identity-based authentication Automate the deployment of Azure Monitor Agent extension on your Windows virtual machine scale sets for collecting telemetry data from the guest OS. This policy will install the extension and configure it to use the specified user-assigned managed identity if the OS and region are supported, and skip install otherwise. Learn more: https://aka.ms/AMAOverview. |
DeployIfNotExists Disabled |
DeployIfNotExists Disabled |
|||||||
| Monitoring |
Configure Windows virtual machines to run Azure Monitor Agent with user-assigned managed identity-based authentication Automate the deployment of Azure Monitor Agent extension on your Windows virtual machines for collecting telemetry data from the guest OS. This policy will install the extension and configure it to use the specified user-assigned managed identity if the OS and region are supported, and skip install otherwise. Learn more: https://aka.ms/AMAOverview. |
DeployIfNotExists Disabled |
DeployIfNotExists Disabled |
|||||||
| Monitoring |
Deploy Activity Log LA Workspace Delete Alert Policy to Deploy Activity Log LA Workspace Delete Alert |
deployIfNotExists disabled |
||||||||
| Monitoring |
Deploy Activity Log LA Workspace Regenerate Key Alert Policy to Deploy Activity Log LA Workspace Regenerate Key Alert |
deployIfNotExists disabled |
||||||||
| Monitoring |
Deploy Activity Log Storage Account Delete Alert Policy to Deploy Activity Log Storage Account Delete Alert |
deployIfNotExists disabled |
deployIfNotExists disabled |
deployIfNotExists disabled |
||||||
| Monitoring |
Deploy AMBA Notification Assets Policy to deploy Action Group and Alert Processing Rule for all AMBA alerts |
deployIfNotExists | ||||||||
| Monitoring |
Deploy AMBA Notification Suppression Asset Policy to deploy empty and disabled suppression Alert Processing Rule for all AMBA alerts |
deployIfNotExists | ||||||||
| Monitoring |
Deploy Dependency agent for Linux virtual machine scale sets with Azure Monitoring Agent settings Deploy Dependency agent for Linux virtual machine scale sets with Azure Monitoring Agent settings if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all virtual machines in the set by calling upgrade on them. In CLI this would be az vmss update-instances. |
DeployIfNotExists Disabled |
DeployIfNotExists Disabled |
|||||||
| Monitoring |
Deploy Dependency agent for Linux virtual machines with Azure Monitoring Agent settings Deploy Dependency agent for Linux virtual machines with Azure Monitoring Agent settings if the VM Image (OS) is in the list defined and the agent is not installed. |
DeployIfNotExists Disabled |
DeployIfNotExists Disabled |
|||||||
| Monitoring |
Deploy Dependency agent to be enabled on Windows virtual machine scale sets with Azure Monitoring Agent settings Deploy Dependency agent for Windows virtual machine scale sets with Azure Monitoring Agent settings if the virtual machine image is in the list defined and the agent is not installed. If your scale set upgradePolicy is set to Manual, you need to apply the extension to all the virtual machines in the set by updating them. |
DeployIfNotExists Disabled |
DeployIfNotExists Disabled |
|||||||
| Monitoring |
Deploy Dependency agent to be enabled on Windows virtual machines with Azure Monitoring Agent settings Deploy Dependency agent for Windows virtual machines with Azure Monitoring Agent settings if the virtual machine image is in the list defined and the agent is not installed. |
DeployIfNotExists Disabled |
DeployIfNotExists Disabled |
|||||||
| Monitoring |
Deploy LA Workspace Daily Cap Limit Reached Alert Policy to audit/deploy LA Workspace Daily Cap Limit Reached Alert |
deployIfNotExists disabled |
||||||||
| Monitoring |
Deploy Resource Health Unhealthy Alert Policy to Deploy Resource Health Unhealthy Alert |
deployIfNotExists disabled |
||||||||
| Monitoring |
Deploy Service Health Action Group Policy to deploy action group for Service Health alerts |
deployIfNotExists | ||||||||
| Monitoring |
Deploy Service Health Advisory Alert Policy to Deploy Service Health Advisory Alert |
deployIfNotExists disabled |
||||||||
| Monitoring |
Deploy Service Health Incident Alert Policy to Deploy Service Health Incident Alert |
deployIfNotExists disabled |
||||||||
| Monitoring |
Deploy Service Health Maintenance Alert Policy to Deploy Service Health Maintenance Alert |
deployIfNotExists disabled |
||||||||
| Monitoring |
Deploy Service Health Security Advisory Alert Policy to Deploy Service Health Security Advisory Alert |
deployIfNotExists disabled |
||||||||
| Monitoring |
Enable logging by category group for 1ES Hosted Pools (microsoft.cloudtest/hostedpools) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for 1ES Hosted Pools (microsoft.cloudtest/hostedpools). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Analysis Services (microsoft.analysisservices/servers) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Analysis Services (microsoft.analysisservices/servers). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Apache Spark pools (microsoft.synapse/workspaces/bigdatapools) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Apache Spark pools (microsoft.synapse/workspaces/bigdatapools). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for API Management services (microsoft.apimanagement/service) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for API Management services (microsoft.apimanagement/service). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for App Configuration (microsoft.appconfiguration/configurationstores) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for App Configuration (microsoft.appconfiguration/configurationstores). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for App Service Environments (microsoft.web/hostingenvironments) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for App Service Environments (microsoft.web/hostingenvironments). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Application gateways (microsoft.network/applicationgateways) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Application gateways (microsoft.network/applicationgateways). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Application groups (microsoft.desktopvirtualization/applicationgroups) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Application groups (microsoft.desktopvirtualization/applicationgroups). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Application Insights (microsoft.insights/components) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Application Insights (microsoft.insights/components). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Attestation providers (microsoft.attestation/attestationproviders) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Attestation providers (microsoft.attestation/attestationproviders). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Automation Accounts (microsoft.automation/automationaccounts) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Automation Accounts (microsoft.automation/automationaccounts). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for AVS Private clouds (microsoft.avs/privateclouds) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for AVS Private clouds (microsoft.avs/privateclouds). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Azure AD Domain Services (microsoft.aad/domainservices) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure AD Domain Services (microsoft.aad/domainservices). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Azure API for FHIR (microsoft.healthcareapis/services) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure API for FHIR (microsoft.healthcareapis/services). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Azure Cache for Redis (microsoft.cache/redis) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure Cache for Redis (microsoft.cache/redis). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Azure Cosmos DB accounts (microsoft.documentdb/databaseaccounts) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure Cosmos DB accounts (microsoft.documentdb/databaseaccounts). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Azure Data Explorer Clusters (microsoft.kusto/clusters) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure Data Explorer Clusters (microsoft.kusto/clusters). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Azure Database for MariaDB servers (microsoft.dbformariadb/servers) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure Database for MariaDB servers (microsoft.dbformariadb/servers). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Azure Database for MySQL servers (microsoft.dbformysql/servers) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure Database for MySQL servers (microsoft.dbformysql/servers). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Azure Databricks Services (microsoft.databricks/workspaces) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure Databricks Services (microsoft.databricks/workspaces). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Azure Digital Twins (microsoft.digitaltwins/digitaltwinsinstances) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure Digital Twins (microsoft.digitaltwins/digitaltwinsinstances). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Azure FarmBeats (microsoft.agfoodplatform/farmbeats) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure FarmBeats (microsoft.agfoodplatform/farmbeats). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Azure Load Testing (microsoft.loadtestservice/loadtests) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure Load Testing (microsoft.loadtestservice/loadtests). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Azure Machine Learning (microsoft.machinelearningservices/workspaces) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure Machine Learning (microsoft.machinelearningservices/workspaces). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Azure Managed Grafana (microsoft.dashboard/grafana) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure Managed Grafana (microsoft.dashboard/grafana). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Azure Spring Apps (microsoft.appplatform/spring) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure Spring Apps (microsoft.appplatform/spring). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Azure Synapse Analytics (microsoft.synapse/workspaces) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure Synapse Analytics (microsoft.synapse/workspaces). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Azure Video Indexer (microsoft.videoindexer/accounts) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure Video Indexer (microsoft.videoindexer/accounts). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Backup vaults (microsoft.dataprotection/backupvaults) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Backup vaults (microsoft.dataprotection/backupvaults). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Bastions (microsoft.network/bastionhosts) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Bastions (microsoft.network/bastionhosts). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Batch accounts (microsoft.batch/batchaccounts) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Batch accounts (microsoft.batch/batchaccounts). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Bot Services (microsoft.botservice/botservices) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Bot Services (microsoft.botservice/botservices). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Caches (microsoft.cache/redisenterprise/databases) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Caches (microsoft.cache/redisenterprise/databases). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Chaos Experiments (microsoft.chaos/experiments) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Chaos Experiments (microsoft.chaos/experiments). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Code Signing Accounts (microsoft.codesigning/codesigningaccounts) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Code Signing Accounts (microsoft.codesigning/codesigningaccounts). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Cognitive Services (microsoft.cognitiveservices/accounts) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Cognitive Services (microsoft.cognitiveservices/accounts). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Communication Services (microsoft.communication/communicationservices) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Communication Services (microsoft.communication/communicationservices). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Connected Cache Resources (microsoft.connectedcache/ispcustomers) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Connected Cache Resources (microsoft.connectedcache/ispcustomers). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Container Apps Environments (microsoft.app/managedenvironments) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Container Apps Environments (microsoft.app/managedenvironments). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Container instances (microsoft.containerinstance/containergroups) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Container instances (microsoft.containerinstance/containergroups). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Container registries (microsoft.containerregistry/registries) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Container registries (microsoft.containerregistry/registries). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Data collection rules (microsoft.insights/datacollectionrules) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Data collection rules (microsoft.insights/datacollectionrules). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Data factories (V2) (microsoft.datafactory/factories) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Data factories (V2) (microsoft.datafactory/factories). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Data Lake Analytics (microsoft.datalakeanalytics/accounts) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Data Lake Analytics (microsoft.datalakeanalytics/accounts). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Data Lake Storage Gen1 (microsoft.datalakestore/accounts) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Data Lake Storage Gen1 (microsoft.datalakestore/accounts). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Data Shares (microsoft.datashare/accounts) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Data Shares (microsoft.datashare/accounts). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Dedicated SQL pools (microsoft.synapse/workspaces/sqlpools) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Dedicated SQL pools (microsoft.synapse/workspaces/sqlpools). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Dev centers (microsoft.devcenter/devcenters) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Dev centers (microsoft.devcenter/devcenters). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for DICOM service (microsoft.healthcareapis/workspaces/dicomservices) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for DICOM service (microsoft.healthcareapis/workspaces/dicomservices). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Endpoints (microsoft.cdn/profiles/endpoints) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Endpoints (microsoft.cdn/profiles/endpoints). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Event Grid Domains (microsoft.eventgrid/domains) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Event Grid Domains (microsoft.eventgrid/domains). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Event Grid Partner Namespaces (microsoft.eventgrid/partnernamespaces) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Event Grid Partner Namespaces (microsoft.eventgrid/partnernamespaces). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Event Grid Partner Topics (microsoft.eventgrid/partnertopics) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Event Grid Partner Topics (microsoft.eventgrid/partnertopics). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Event Grid System Topics (microsoft.eventgrid/systemtopics) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Event Grid System Topics (microsoft.eventgrid/systemtopics). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Event Grid Topics (microsoft.eventgrid/topics) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Event Grid Topics (microsoft.eventgrid/topics). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Event Hubs Namespaces (microsoft.eventhub/namespaces) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Event Hubs Namespaces (microsoft.eventhub/namespaces). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Experiment Workspaces (microsoft.experimentation/experimentworkspaces) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Experiment Workspaces (microsoft.experimentation/experimentworkspaces). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for ExpressRoute circuits (microsoft.network/expressroutecircuits) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for ExpressRoute circuits (microsoft.network/expressroutecircuits). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for FHIR service (microsoft.healthcareapis/workspaces/fhirservices) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for FHIR service (microsoft.healthcareapis/workspaces/fhirservices). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Firewalls (microsoft.network/azurefirewalls) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Firewalls (microsoft.network/azurefirewalls). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Front Door and CDN profiles (microsoft.cdn/profiles) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Front Door and CDN profiles (microsoft.cdn/profiles). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Front Door and CDN profiles (microsoft.network/frontdoors) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Front Door and CDN profiles (microsoft.network/frontdoors). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Host pools (microsoft.desktopvirtualization/hostpools) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Host pools (microsoft.desktopvirtualization/hostpools). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for HPC caches (microsoft.storagecache/caches) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for HPC caches (microsoft.storagecache/caches). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Integration accounts (microsoft.logic/integrationaccounts) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Integration accounts (microsoft.logic/integrationaccounts). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for IoT Hub (microsoft.devices/iothubs) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for IoT Hub (microsoft.devices/iothubs). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Key vaults (microsoft.keyvault/vaults) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Key vaults (microsoft.keyvault/vaults). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Live events (microsoft.media/mediaservices/liveevents) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Live events (microsoft.media/mediaservices/liveevents). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Load balancers (microsoft.network/loadbalancers) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Load balancers (microsoft.network/loadbalancers). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Log Analytics workspaces (microsoft.operationalinsights/workspaces) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Log Analytics workspaces (microsoft.operationalinsights/workspaces). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Logic apps (microsoft.logic/workflows) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Logic apps (microsoft.logic/workflows). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Managed CCF Apps (microsoft.confidentialledger/managedccfs) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Managed CCF Apps (microsoft.confidentialledger/managedccfs). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Managed databases (microsoft.sql/managedinstances/databases) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Managed databases (microsoft.sql/managedinstances/databases). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Managed HSMs (microsoft.keyvault/managedhsms) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Managed HSMs (microsoft.keyvault/managedhsms). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Media Services (microsoft.media/mediaservices) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Media Services (microsoft.media/mediaservices). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for MedTech service (microsoft.healthcareapis/workspaces/iotconnectors) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for MedTech service (microsoft.healthcareapis/workspaces/iotconnectors). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Microsoft Purview accounts (microsoft.purview/accounts) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Microsoft Purview accounts (microsoft.purview/accounts). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.autonomousdevelopmentplatform/workspaces to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.autonomousdevelopmentplatform/workspaces. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.azuresphere/catalogs to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.azuresphere/catalogs. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.cdn/cdnwebapplicationfirewallpolicies to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.cdn/cdnwebapplicationfirewallpolicies. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.classicnetwork/networksecuritygroups to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.classicnetwork/networksecuritygroups. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.community/communitytrainings to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.community/communitytrainings. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.connectedcache/enterprisemcccustomers to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.connectedcache/enterprisemcccustomers. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.customproviders/resourceproviders to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.customproviders/resourceproviders. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.d365customerinsights/instances to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.d365customerinsights/instances. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.dbformysql/flexibleservers to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.dbformysql/flexibleservers. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.dbforpostgresql/flexibleservers to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.dbforpostgresql/flexibleservers. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.dbforpostgresql/servergroupsv2 to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.dbforpostgresql/servergroupsv2. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.dbforpostgresql/servers to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.dbforpostgresql/servers. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.devices/provisioningservices to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.devices/provisioningservices. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.documentdb/cassandraclusters to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.documentdb/cassandraclusters. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.documentdb/mongoclusters to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.documentdb/mongoclusters. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.insights/autoscalesettings to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.insights/autoscalesettings. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.machinelearningservices/registries to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.machinelearningservices/registries. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.machinelearningservices/workspaces/onlineendpoints to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.machinelearningservices/workspaces/onlineendpoints. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.managednetworkfabric/networkdevices to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.managednetworkfabric/networkdevices. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.network/dnsresolverpolicies to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.network/dnsresolverpolicies. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.network/networkmanagers/ipampools to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.network/networkmanagers/ipampools. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.network/networksecurityperimeters to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.network/networksecurityperimeters. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.network/p2svpngateways to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.network/p2svpngateways. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.network/vpngateways to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.network/vpngateways. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.networkanalytics/dataproducts to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.networkanalytics/dataproducts. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.networkcloud/baremetalmachines to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.networkcloud/baremetalmachines. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.networkcloud/clusters to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.networkcloud/clusters. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.networkcloud/storageappliances to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.networkcloud/storageappliances. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.networkfunction/azuretrafficcollectors to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.networkfunction/azuretrafficcollectors. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.notificationhubs/namespaces/notificationhubs to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.notificationhubs/namespaces/notificationhubs. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.openenergyplatform/energyservices to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.openenergyplatform/energyservices. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.powerbi/tenants/workspaces to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.powerbi/tenants/workspaces. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.servicenetworking/trafficcontrollers to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.servicenetworking/trafficcontrollers. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.synapse/workspaces/kustopools to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.synapse/workspaces/kustopools. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.timeseriesinsights/environments to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.timeseriesinsights/environments. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.timeseriesinsights/environments/eventsources to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.timeseriesinsights/environments/eventsources. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for microsoft.workloads/sapvirtualinstances to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for microsoft.workloads/sapvirtualinstances. |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Network Managers (microsoft.network/networkmanagers) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Network Managers (microsoft.network/networkmanagers). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Network security groups (microsoft.network/networksecuritygroups) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Network security groups (microsoft.network/networksecuritygroups). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Notification Hub Namespaces (microsoft.notificationhubs/namespaces) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Notification Hub Namespaces (microsoft.notificationhubs/namespaces). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Playwright Testing (microsoft.azureplaywrightservice/accounts) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Playwright Testing (microsoft.azureplaywrightservice/accounts). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Power BI Embedded (microsoft.powerbidedicated/capacities) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Power BI Embedded (microsoft.powerbidedicated/capacities). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Public IP addresses (microsoft.network/publicipaddresses) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Public IP addresses (microsoft.network/publicipaddresses). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Public IP Prefixes (microsoft.network/publicipprefixes) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Public IP Prefixes (microsoft.network/publicipprefixes). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Recovery Services vaults (microsoft.recoveryservices/vaults) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Recovery Services vaults (microsoft.recoveryservices/vaults). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Relays (microsoft.relay/namespaces) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Relays (microsoft.relay/namespaces). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Scaling plans (microsoft.desktopvirtualization/scalingplans) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Scaling plans (microsoft.desktopvirtualization/scalingplans). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for SCOPE pools (microsoft.synapse/workspaces/scopepools) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for SCOPE pools (microsoft.synapse/workspaces/scopepools). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Search services (microsoft.search/searchservices) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Search services (microsoft.search/searchservices). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Service Bus Namespaces (microsoft.servicebus/namespaces) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Service Bus Namespaces (microsoft.servicebus/namespaces). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for SignalR (microsoft.signalrservice/signalr) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for SignalR (microsoft.signalrservice/signalr). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for SQL databases (microsoft.sql/servers/databases) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for SQL databases (microsoft.sql/servers/databases). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for SQL managed instances (microsoft.sql/managedinstances) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for SQL managed instances (microsoft.sql/managedinstances). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Storage movers (microsoft.storagemover/storagemovers) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Storage movers (microsoft.storagemover/storagemovers). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Stream Analytics jobs (microsoft.streamanalytics/streamingjobs) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Stream Analytics jobs (microsoft.streamanalytics/streamingjobs). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Streaming Endpoints (microsoft.media/mediaservices/streamingendpoints) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Streaming Endpoints (microsoft.media/mediaservices/streamingendpoints). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Traffic Manager profiles (microsoft.network/trafficmanagerprofiles) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Traffic Manager profiles (microsoft.network/trafficmanagerprofiles). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Video Analyzers (microsoft.media/videoanalyzers) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Video Analyzers (microsoft.media/videoanalyzers). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Virtual network gateways (microsoft.network/virtualnetworkgateways) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Virtual network gateways (microsoft.network/virtualnetworkgateways). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Virtual networks (microsoft.network/virtualnetworks) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Virtual networks (microsoft.network/virtualnetworks). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Volumes (microsoft.netapp/netappaccounts/capacitypools/volumes) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Volumes (microsoft.netapp/netappaccounts/capacitypools/volumes). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Web PubSub Service (microsoft.signalrservice/webpubsub) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Web PubSub Service (microsoft.signalrservice/webpubsub). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
||||||||
| Monitoring |
Enable logging by category group for Workspaces (microsoft.desktopvirtualization/workspaces) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Workspaces (microsoft.desktopvirtualization/workspaces). |
SetByParameter Disabled AuditIfNotExists DeployIfNotExists |
| Category | Policy | Platform | Landing Zones | Production | Decommissioned | Management | Corp | Connectivity | Sandbox | Identity |
|---|---|---|---|---|---|---|---|---|---|---|
| Monitoring |
Configure Azure Monitor Private Link Scope to use private DNS zones Use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone links to your virtual network to resolve to Azure Monitor private link scope. Learn more at: https://docs.microsoft.com/azure/azure-monitor/logs/private-link-security#connect-to-a-private-endpoint. |
azureMonitorPrivateDnsZoneId1 = --DNSZonePrefix--privatelink.monitor.az...azureMonitorPrivateDnsZoneId5 = --DNSZonePrefix--privatelink.blob.core....azureMonitorPrivateDnsZoneId2 = --DNSZonePrefix--privatelink.oms.opinsi...azureMonitorPrivateDnsZoneId4 = --DNSZonePrefix--privatelink.agentsvc.a...azureMonitorPrivateDnsZoneId3 = --DNSZonePrefix--privatelink.ods.opinsi...
|
||||||||
| Monitoring |
Configure Dependency agent on Azure Arc enabled Windows servers with Azure Monitoring Agent settings Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Dependency agent virtual machine extension with Azure Monitoring Agent settings. VM insights uses the Dependency agent to collect network metrics and discovered data about processes running on the machine and external process dependencies. See more - https://aka.ms/vminsightsdocs. |
enableProcessesAndDependencies = true
|
||||||||
| Monitoring |
Configure Linux Machines to be associated with a Data Collection Rule or a Data Collection Endpoint Deploy Association to link Linux virtual machines, virtual machine scale sets, and Arc machines to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over time as support is increased. |
dcrResourceId = `` | dcrResourceId = `` | |||||||
| Monitoring |
Configure Linux virtual machine scale sets to run Azure Monitor Agent with user-assigned managed identity-based authentication Automate the deployment of Azure Monitor Agent extension on your Linux virtual machine scale sets for collecting telemetry data from the guest OS. This policy will install the extension and configure it to use the specified user-assigned managed identity if the OS and region are supported, and skip install otherwise. Learn more: https://aka.ms/AMAOverview. |
scopeToSupportedImages = falselistOfImageIdToInclude_linux = []
|
||||||||
| Monitoring |
Configure Linux virtual machines to run Azure Monitor Agent with user-assigned managed identity-based authentication Automate the deployment of Azure Monitor Agent extension on your Linux virtual machines for collecting telemetry data from the guest OS. This policy will install the extension and configure it to use the specified user-assigned managed identity if the OS and region are supported, and skip install otherwise. Learn more: https://aka.ms/AMAOverview. |
scopeToSupportedImages = falselistOfImageIdToInclude_linux = []
|
||||||||
| Monitoring |
Configure Windows virtual machine scale sets to run Azure Monitor Agent with user-assigned managed identity-based authentication Automate the deployment of Azure Monitor Agent extension on your Windows virtual machine scale sets for collecting telemetry data from the guest OS. This policy will install the extension and configure it to use the specified user-assigned managed identity if the OS and region are supported, and skip install otherwise. Learn more: https://aka.ms/AMAOverview. |
listOfImageIdToInclude_windows = []
|
||||||||
| Monitoring |
Configure Windows virtual machines to run Azure Monitor Agent with user-assigned managed identity-based authentication Automate the deployment of Azure Monitor Agent extension on your Windows virtual machines for collecting telemetry data from the guest OS. This policy will install the extension and configure it to use the specified user-assigned managed identity if the OS and region are supported, and skip install otherwise. Learn more: https://aka.ms/AMAOverview. |
listOfImageIdToInclude_windows = []
|
||||||||
| Monitoring |
Deploy Activity Log LA Workspace Delete Alert Policy to Deploy Activity Log LA Workspace Delete Alert |
ALZMonitorResourceGroupLocation = eastusALZMonitorResourceGroupTags = {"Project":"amba-monitoring"}ALZMonitorDisableTagValues = ["true", "Test", "Dev", "Sandbox"]activityLAWDeleteAlertState = trueALZMonitorResourceGroupName = rg-amba-monitoring-001ALZMonitorDisableTagName = MonitorDisable
|
||||||||
| Monitoring |
Deploy Activity Log LA Workspace Regenerate Key Alert Policy to Deploy Activity Log LA Workspace Regenerate Key Alert |
activityLAWKeyRegenAlertState = true
|
||||||||
| Monitoring |
Deploy Activity Log Storage Account Delete Alert Policy to Deploy Activity Log Storage Account Delete Alert |
StorageAccountDeleteAlertState = true
|
StorageAccountDeleteAlertState = true
|
StorageAccountDeleteAlertState = true
|
||||||
| Monitoring |
Deploy AMBA Notification Assets Policy to deploy Action Group and Alert Processing Rule for all AMBA alerts |
ALZMonitorResourceGroupLocation = eastusALZMonitorDisableTagName = MonitorDisableALZFunctionResourceId = **<br/>BYOActionGroup = **`[]`**<br/>BYOAlertProcessingRule = **ALZMonitorActionGroupEmail = []ALZArmRoleId = []ALZLogicappCallbackUrl = **<br/>ALZWebhookServiceUri = **`[]`**<br/>ALZMonitorDisableTagValues = **`["true", "Test", "Dev", "Sandbox"]`**<br/>ALZMonitorResourceGroupName = **`rg-amba-monitoring-001`**<br/>ALZFunctionTriggerUrl = **ALZEventHubResourceId = []ALZMonitorResourceGroupTags = {"Project":"amba-monitoring"}ALZLogicappResourceId = `` |
||||||||
| Monitoring |
Deploy Dependency agent to be enabled on Windows virtual machine scale sets with Azure Monitoring Agent settings Deploy Dependency agent for Windows virtual machine scale sets with Azure Monitoring Agent settings if the virtual machine image is in the list defined and the agent is not installed. If your scale set upgradePolicy is set to Manual, you need to apply the extension to all the virtual machines in the set by updating them. |
enableProcessesAndDependencies = true
|
||||||||
| Monitoring |
Deploy LA Workspace Daily Cap Limit Reached Alert Policy to audit/deploy LA Workspace Daily Cap Limit Reached Alert |
LAWDailyCapLimitThreshold = 0LAWDailyCapLimitAutoMitigate = trueLAWDailyCapLimitWindowSize = PT5MLAWDailyCapLimitEvaluationPeriods = 1LAWDailyCapLimitEvaluationFrequency = PT5MLAWDailyCapLimitOperator = GreaterThanLAWDailyCapLimitFailingPeriods = 1LAWDailyCapLimitSeverity = 1LAWDailyCapLimitAlertState = trueLAWDailyCapLimitTimeAggregation = Count
|
||||||||
| Monitoring |
Deploy Resource Health Unhealthy Alert Policy to Deploy Resource Health Unhealthy Alert |
ResHlthUnhealthyAlertState = true
|
||||||||
| Monitoring |
Deploy Service Health Advisory Alert Policy to Deploy Service Health Advisory Alert |
SvcHlthAdvisoryAlertState = true
|
||||||||
| Monitoring |
Deploy Service Health Incident Alert Policy to Deploy Service Health Incident Alert |
SvcHlthIncidentAlertState = true
|
||||||||
| Monitoring |
Deploy Service Health Maintenance Alert Policy to Deploy Service Health Maintenance Alert |
SvcHlthMaintenanceAlertState = true
|
||||||||
| Monitoring |
Deploy Service Health Security Advisory Alert Policy to Deploy Service Health Security Advisory Alert |
svcHlthSecAdvisoryAlertState = true
|
||||||||
| Monitoring |
Enable logging by category group for Azure AD Domain Services (microsoft.aad/domainservices) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure AD Domain Services (microsoft.aad/domainservices). |
diagnosticSettingName = setByPolicy-LogAnalyticslogAnalytics = `` resourceLocationList = ["*"]
|