Closed diiyyani closed 5 months ago
@microsoft-github-policy-service agree company="Microsoft"
@diiyyani Super appreciate your submission! Great work. However, as shared on as many forums/channels as possible, there are new diag settings policies coming from the product group that cover 137 services today. We generally refer to this as Diag Settings v2
, but this is a super set of diagnostic settings policy that allows you to target any supported data target (Log Analytics, Event Hub or Storage Account).
Kindly wait for those to go out (in progress) so we can update our guidance.
Closing as we will replace this with the built-in as @springstone advised above. Thanks for the awesome work though @diiyyani, please continue to support and contribute to ALZ
Overview/Summary
Added policyset for Deploy diagnostic settings for multiple resource types to send logs to Storage Account. This policyset will mark the resources which do not have diagnostic settings enabled as non-compliant and the remediation would be done by deploying diagnostic settings to enable monitoring using custom policies for the following resource types: 1) Activity Log 2) Analysis Services 3) App Service Plan 4) Application Gateway 5) Application Group 6) App Gateway Container 7) Application Insights 8) App Service 9) Azure AI 10) Azure Bot 11) Backup Vault 12) Batch Account 13) Azure Bing 14) Azure Managed Instance for Apache Cassandra 15) Communication Service 16) Computer Vision 17) Container Apps Environment 18) Cosmos DB 19) Databricks 20) Azure Data Explorer Cluster 21) Azure Database for MySQL single server 22) Azure Database for MySQL flexible server 23) Azure Database for PostgreSQL single server 24) Azure Database for PostgreSQL flexible server 25) Azure managed Grafana 26) Azure IoT Hub Device Provisioning Service (DPS) 27) Azure Load Testing 28) Azure Maps Account 29) Maria DB 30) Azure Machine Learning Workspace 31) Cosmos DB for Mongo DB account (RU) 32) Open AI Service 33) Azure Cosmos DB for PostgreSQL cluster 34) Synapse Spark Pool 35) SQL Managed Instance Database 36) Subscription
Apart from the custom policies, built-in policies are added into the initiative for the following resource types: 1) Key vault 2) API management services 3) App Configuration 4) Attestation providers 5) Automation Accounts 6) AVS private clouds 7) Azure Cache for Redis 8) Azure FarmBeats 9) Azure Machine Learning 10) Bastions 11) Cognitive Services 12) Container registries 13) Event Grid Domains 14) Event Grid Partner Namespaces 15) Event Grid Topics 16) Event Hub Namespaces 17) Front Door 18) CDN profiles 19) IoT Hubs 20) Log Analytics Workspaces 21) Managed HSMs 22) Media Services 23) Microsoft Purview accounts 24) p2svpngateways 25) Public IP addresses 26) Service Bus Namespaces 27) Signal R 28) SQL DB 29) SQL MI 30) Video Analyzers 31) Virtual Network Gateways 32) Volumes 33) Web PubSub Service
This PR fixes/adds/changes/removes
Breaking Changes
Testing Evidence
Testing URLs
The below URLs can be updated where the placeholders are, look for
diiyyani
, to allow you to test your portal deployment experience.Azure Public
Azure US Gov (Fairfax)
As part of this Pull Request I have
main
branch