Springstone
commented
8 months ago @baartch just a heads up, the new policies might be delayed by a few weeks due to some issues with resources not fully supporting diag settings (as per your screenshot, Firewall does not yet expose the "Audit" category).
For your question, there will be separate policies and initiatives, for each of the targets. In total there will be 6 new initiatives, the option of allLogs or only audit logs, and then for each a specific log target (Log Analytics, Event Hub, storage account).
I'm not sure your scenario would be possible (far as I recall you can only choose one option to enforce through policy), would need to test that scenario (assigning two of the initiatives with different targets to the same resources).
Hope that helps.
@Springstone mentioned here, that there will be a complete overhaul of diagnostic settings that will be landing as built-in policies in Azure in the coming few weeks (estimate 4-6 weeks)
My question is, with the new policies, will I be able to configure Log Analytics as a target AND a Storage Account as a target for Archive? I'd like to have both but with different Retention duration. Let's assume something like Log Analytics being "hot" with 6 months and Storage Account being "cold" with 12 months.
Will this be possible? Thank you