I firstly published a set of policy definitions for configuring Azure resource diagnostics settings last year. You can find the original post here: https://blog.tyang.org/2018/11/19/configuring-azure-resources-diagnostic-log-settings-using-azure-policy/. I have been keeping them up-to-date since then.
I’ve updated the Policy Definitions for the resource Diagnostic Settings again today with the following updates:
- New Policies added:
- Azure Bastion Hosts
- Azure AD Domain Services
- Existing Policy Updated:
- Azure App Service – with the support for the additional logs announced at Ignite 2019. Also the name of the policy file has changed.
- Removed (since they were incorrectly written in the first place and never worked):
You can find the latest version on my GitHub repo: https://github.com/tyconsulting/azurepolicy/tree/master/policy-definitions/resource-diagnostics-settings