Azure / azure-policy

Repository for Azure Resource Policy built-in definitions and samples
MIT License

Audit diagnostic setting for selected resource types: false positive for `microsoft.automation/automationaccounts`, `microsoft.keyvault/vaults`, and `microsoft.network/publicipaddresses` #1370

Open sanderaernouts opened 3 months ago

sanderaernouts commented 3 months ago

Details of the scenario you tried and the problem that is occurring

When the Audit diagnostic setting for selected resource types policy is assigned to a scope that contains resources of the types microsoft.automation/automationaccounts, microsoft.keyvault/vaults, and microsoft.network/publicipaddresses, the policy flags these resources as Non-Compliant. The policy checks for the existence of the field Microsoft.Insights/diagnosticSettings/logs.enabled with a value of true.

However, the Microsoft.Insights/diagnosticSettings resources for microsoft.automation/automationaccounts, microsoft.keyvault/vaults, and microsoft.network/publicipaddresses are different from those of most resource types. Below is the difference:

```diff
"properties": {
        "logs": [
+           {
+               "category": null,
+               "categoryGroup": "audit",
+               "enabled": false,
+               "retentionPolicy": {
+                   "days": 0,
+                   "enabled": false
+               }
+           },
            {
                "category": null,
                "categoryGroup": "allLogs",
                "enabled": true,
                "retentionPolicy": {
                    "days": 0,
                    "enabled": false
                }
            }
        ],
        "metrics": [
            {
                "timeGrain": null,
                "enabled": false,
                "retentionPolicy": {
                    "days": 0,
                    "enabled": false
                },
                "category": "AllMetrics"
            }
        ],
```

Because `logs` contains both the `audit` and `allLogs` categories, and `audit` has `"enabled": false`, the policy flags this resource as Non-Compliant.

Verbose logs showing the problem

N/A

Suggested solution to the issue

Flag a resource as compliant if at least one log.enabled = true is found.

If policy is Guest Configuration - details about target node

N/A
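One way to express the suggested "at least one enabled log" check in an Azure Policy rule is a `count` expression over the `logs[*]` array in the `auditIfNotExists` existence condition. This is an added example written for this issue, not the text of the built-in definition or a change proposed by the repository; it assumes the `Microsoft.Insights/diagnosticSettings/logs[*].enabled` alias and the `count`/`greaterOrEquals` operators, and the `listOfResourceTypes` parameter name is a placeholder for whatever the real definition uses.

```json
{
  "if": {
    "field": "type",
    "in": "[parameters('listOfResourceTypes')]"
  },
  "then": {
    "effect": "auditIfNotExists",
    "details": {
      "type": "Microsoft.Insights/diagnosticSettings",
      "existenceCondition": {
        "count": {
          "field": "Microsoft.Insights/diagnosticSettings/logs[*]",
          "where": {
            "field": "Microsoft.Insights/diagnosticSettings/logs[*].enabled",
            "equals": "true"
          }
        },
        "greaterOrEquals": 1
      }
    }
  }
}
```

Against the diagnostic setting shown above, the `where` clause matches only the `allLogs` entry, so the count is 1 and the resource is treated as compliant even though the `audit` category group is disabled.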