Azure / Enterprise-Scale

The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture
https://aka.ms/alz
MIT License

Feature Request - Diagnostic Settings for Management Group to "stream to specified Log Analytics workspace" #1568

Closed mundayn closed 7 months ago

mundayn commented 7 months ago

Hi all,

I found out today there is a gap in the Azure Portal where you cannot export Management Group Activity Logs. (Any chance you could poke product on this ;)?)

There are a few blog posts showing this can be done using the API, Terraform, etc. Example: https://sameeraman.github.io/blog/2021/06/20/mgauditlogs/

I'm wondering if a policy could be created as part of the ESLZ to stream these Activity Logs to LAW. You already have one for subscription Activity Logs, as this is using one of the default policies ("Configure Azure Activity logs to stream to specified Log Analytics workspace").

IMO, this is a bit of a security gap, as most policies are assigned at the Management Group level, and because these are not being streamed to LAW or Event Hub, we are missing important events, such as a user disabling policies, that are not being audited or sent to a SIEM.

Thanks for your time!

mundayn commented 7 months ago

Looking further at this, it looks like you have a bicep file for this "mgDiagSettings.bicep" that sets this up, and I've confirmed it works via the Portal Accelerator and using API Playground.

This looks to be a one-off Bicep template per MG; I assume this is not possible then via Azure Policy?

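For readers who want to close the gap described above per management group, here is an added example of a management-group-scoped Bicep template (written for this page, not the ALZ project's own mgDiagSettings.bicep) that streams the two management group activity log categories, Administrative and Policy, to a Log Analytics workspace. The parameter names and the setting name `toLA` are assumptions.

```bicep
// Deploy at management group scope, e.g.:
//   az deployment mg create --management-group-id <mgId> --location <region> \
//     --template-file mgDiagSettings.bicep \
//     --parameters parLogAnalyticsWorkspaceResourceId=<workspaceResourceId>
targetScope = 'managementGroup'

@description('Resource ID of the Log Analytics workspace that receives the management group activity log.')
param parLogAnalyticsWorkspaceResourceId string

@description('Name of the diagnostic setting (assumed name).')
param parDiagSettingName string = 'toLA'

// Diagnostic settings are an extension resource; at managementGroup targetScope
// they attach to the management group the deployment targets, so no explicit
// scope property is needed.
resource resMgDiagSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: parDiagSettingName
  properties: {
    workspaceId: parLogAnalyticsWorkspaceResourceId
    logs: [
      {
        // Management group write/delete operations, including changes to
        // policy and role assignments made at MG scope.
        category: 'Administrative'
        enabled: true
      }
      {
        // Policy evaluation events emitted at management group scope.
        category: 'Policy'
        enabled: true
      }
    ]
  }
}

output outDiagSettingName string = resMgDiagSettings.name
```

Because Azure Policy cannot target management groups (see the maintainer's reply below), this template has to be deployed once per management group in the hierarchy, which is how the accelerator handles it today.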

jtracey93 commented 7 months ago

Hey @mundayn,

Thanks for the issue, and good research to find we already configure this today.

Unfortunately Management Groups aren't resources that exist with policy aliases today and therefore you cannot author policies that look at Management Groups today. We have already spoken to engineering and they are aware of this, but there is no ETA for adding support for them.

So today unfortunately we cannot do much on the ALZ side apart from what we do today.

Can I ask you to follow the process here and request policy aliases for Management Groups.

Thanks

Jack