I am trying to create an Azure Policy here to audit when diagnostic settings are not set for Automation Accounts.
I cannot find the field to verify if the Automation account saves it.
For now, I noticed this: the settings seem to be under Microsoft.Insights/diagnosticSettings.
My diagnostic settings are available at: /subscriptions/SUBSCRIPTIONID/resourcegroups/RESOURCEGROUP/providers/microsoft.automation/automationaccounts/AUTOMATIONACC/providers/microsoft.insights/diagnosticSettings/DIAGSETTINGNAME
But how can I use that information to have the policy check whether the resource is compliant?
Are you looking for the policy below? Here you can pass the Automation Accounts resource type in the parameters. You can find the list of built-in policies here.
Please follow this link to view the policy definition on Azure Portal.
{
  "properties": {
    "displayName": "Audit diagnostic setting",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Audit diagnostic setting for selected resource types",
    "metadata": {
      "version": "1.0.0",
      "category": "Monitoring"
    },
    "parameters": {
      "listOfResourceTypes": {
        "type": "Array",
        "metadata": {
          "displayName": "Resource Types",
          "strongType": "resourceTypes"
        }
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "in": "[parameters('listOfResourceTypes')]"
      },
      "then": {
        "effect": "AuditIfNotExists",
        "details": {
          "type": "Microsoft.Insights/diagnosticSettings",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
                "equals": "true"
              },
              {
                "field": "Microsoft.Insights/diagnosticSettings/metrics.enabled",
                "equals": "true"
              }
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "7f89b1eb-583c-429a-8828-af049802c1d9"
}
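As an added example (not part of the original answer), the following Az PowerShell session assigns the built-in definition above to a subscription with `Microsoft.Automation/automationAccounts` as the only entry in `listOfResourceTypes`, then lists the accounts the policy reports as NonCompliant. The point worth seeing in code is how the AuditIfNotExists effect uses the path from the question: for every resource whose `type` matches the parameter, Azure Policy looks for a `Microsoft.Insights/diagnosticSettings` child under that resource and only counts it compliant if the existence condition (a log category and a metric category both enabled) holds. The assignment name `audit-diag-automation`, the placeholder resource ID, and the assumption that the Az.Resources, Az.PolicyInsights and Az.Monitor (3.x or later, where the setting exposes `Log` and `Metric`) modules are installed and `Connect-AzAccount` has been run are all assumptions of this example.

```powershell
# Added example, not from the original answer. Assumes Az.Resources, Az.PolicyInsights
# and Az.Monitor >= 3.x are installed and Connect-AzAccount has already been run.
# The assignment name and the placeholder resource ID below are illustrative.

$subscriptionId = (Get-AzContext).Subscription.Id
$scope          = "/subscriptions/$subscriptionId"

# The built-in "Audit diagnostic setting" definition posted in the answer.
$definition = Get-AzPolicyDefinition -Name '7f89b1eb-583c-429a-8828-af049802c1d9'

# listOfResourceTypes is the definition's only parameter. The "if" block matches
# resources whose type is in this list; the AuditIfNotExists then looks for a
# Microsoft.Insights/diagnosticSettings child with logs and metrics enabled.
$params = @{ listOfResourceTypes = @('Microsoft.Automation/automationAccounts') }

$assignment = New-AzPolicyAssignment `
    -Name 'audit-diag-automation' `
    -DisplayName 'Audit diagnostic settings on Automation Accounts' `
    -Scope $scope `
    -PolicyDefinition $definition `
    -PolicyParameterObject $params

# Compliance evaluation is asynchronous; trigger a scan of the current
# subscription so results show up without waiting for the periodic run.
Start-AzPolicyComplianceScan

# Automation Accounts with no diagnostic setting at all, or with one that does
# not satisfy the existence condition, are reported as NonCompliant.
Get-AzPolicyState -PolicyAssignmentName $assignment.Name `
    -Filter "ComplianceState eq 'NonCompliant'" |
    Select-Object ResourceId, ComplianceState, Timestamp

# To see why one account fails, read its diagnostic settings directly and count
# the enabled log and metric categories (replace the placeholder ID with one
# taken from the output above).
$accountId = '/subscriptions/SUBSCRIPTIONID/resourceGroups/RESOURCEGROUP/providers/Microsoft.Automation/automationAccounts/AUTOMATIONACC'
Get-AzDiagnosticSetting -ResourceId $accountId |
    ForEach-Object {
        [pscustomobject]@{
            Name           = $_.Name
            LogsEnabled    = @($_.Log    | Where-Object Enabled).Count
            MetricsEnabled = @($_.Metric | Where-Object Enabled).Count
        }
    }
```

An account that shows `LogsEnabled` greater than zero but `MetricsEnabled` equal to zero (or the reverse) is the case the `allOf` in the existence condition is written to catch: a diagnostic setting exists, but it does not send both kinds of telemetry, so the account is still flagged.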