Closed baartch closed 3 months ago
@baartch just a heads up, the new policies might be delayed by a few weeks due to some issues with resources not fully supporting diag settings (as per your screenshot, Firewall does not yet expose the "Audit" category).
For your question, there will be separate policies and initiatives, for each of the targets. In total there will be 6 new initiatives, the option of allLogs or only audit logs, and then for each a specific log target (Log Analytics, Event Hub, storage account).
I'm not sure your scenario would be possible (far as I recall you can only choose one option to enforce through policy), would need to test that scenario (assigning two of the initiatives with different targets to the same resources).
Hope that helps.
Closing this as we've deprecated all our diagnostic settings policies and shifted to the PG owned initiative to do the same. Please review https://aka.ms/alz/whatsnew for details.
If you find gaps in diagnostic settings coverage, please add the missing services to this discussion: #1644 as this is where we will track this going forward.
For your use case there are multiple initiative assignments that will enable what you need:
https://www.azadvertizer.net/azpolicyinitiativesadvertizer/85175a36-2f12-419a-96b4-18d5b0096531.html https://www.azadvertizer.net/azpolicyinitiativesadvertizer/b6b86da9-e527-49de-ac59-6af0a9db10b8.html https://www.azadvertizer.net/azpolicyinitiativesadvertizer/b6b86da9-e527-49de-ac59-6af0a9db10b8.html
@Springstone mentioned here, that there will be a complete overhaul of diagnostic settings that will be landing as built-in policies in Azure in the coming few weeks (estimate 4-6 weeks)
My question is, with the new policies, will I be able to configure Log Analytics as a target AND a Storage Account as a target for Archive? I'd like to have both but with different Retention duration. Let's assume something like Log Analytics being "hot" with 6 months and Storage Account being "cold" with 12 months.
Will this be possible? Thank you