October 2020 Update for Azure Diagnostic Settings Policy Definitions


Over the last couple of years, I’ve been maintaining a set of custom Azure Policy Definitions for deploying Diagnostic Settings for applicable Azure services. You can find them in my GitHub repo: https://github.com/tyconsulting/azurepolicy/tree/master/policy-definitions/resource-diagnostics-settings

I’ve updated them again over the last couple of weeks. This is what’s changed:

Diagnostic Settings Policies:

  1. Minor bug fix for the Diagnostic Settings policies for Azure Automation Account
  2. Updated policies for Event Hub – included additional log categories that weren’t available when the policy was first written.
  3. Also updated policies for Recovery Services Vault – added additional log categories
  4. Updated policies for SQL Managed Instance – added additional log categories
  5. Updated policies for SQL database – added detection to exclude master db and Synapse (formerly SQL DW), since Synapse has different log categories than normal SQL DB. Also updated metrics and log categories.
  6. New Policies for SQL Managed Databases (DBs on Managed Instances)
  7. New policies for Azure Synapse SQL Pool (formerly SQL DB)
  8. New policies for Azure Log Analytics Workspaces itself – Log Analytics can now be configured to produce audit logs

SQL PaaS Server Auditing Settings Policies

In addition to the Diagnostic Settings policy updates, I have also created a set of brand new policies for Azure SQL Server (PaaS) Auditing Settings with Log Analytics or Event Hub as the destination (at the time of writing, it’s still in preview).


To enable SQL Server auditing for Log Analytics or Event Hub, 2 components need to be configured:

  1. Enable the SQL Server Auditing setting with the audit actions and groups of your choice (the audit actions and groups can only be defined using code and are not available via the portal UI; you can find the full list in this article: SQL Server Audit Action Groups and Actions).
  2. Enable Diagnostic Settings for the master database.

The SQL Server Auditing settings policies are located in a different folder in the same GitHub repo: https://github.com/tyconsulting/azurepolicy/tree/master/policy-definitions/sql-server-auditing
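The two components above can be checked together, since audit records only reach the destination when both are configured. The following is an added example, not code from the post or the repo: the function names are hypothetical, the ARM property names and the `SQLSecurityAuditEvents` log category are assumptions that do not appear in the post, and the sample resources are constructed.

```python
# Added example. Property names are ARM names assumed here, not taken from the post.
AUDIT_CATEGORY = "SQLSecurityAuditEvents"  # diagnostic log category carrying SQL audit records


def auditing_enabled(auditing_settings):
    """Component 1: server auditing is on, targets Azure Monitor, and has actions/groups."""
    props = auditing_settings.get("properties", {})
    return (props.get("state") == "Enabled" and props.get("isAzureMonitorTargetEnabled") is True
            and bool(props.get("auditActionsAndGroups")))


def master_diagnostics_enabled(diagnostic_settings):
    """Component 2: a master-db diagnostic setting ships the audit category somewhere."""
    for setting in diagnostic_settings:
        props = setting.get("properties", {})
        has_destination = bool(props.get("workspaceId") or props.get("eventHubAuthorizationRuleId"))
        ships_audit = any(
            log.get("category") == AUDIT_CATEGORY and log.get("enabled") is True
            for log in props.get("logs", [])
        )
        if has_destination and ships_audit:
            return True
    return False


def audit_gaps(auditing_settings, master_diagnostic_settings):
    """Return the missing components; an empty list means both are configured."""
    gaps = []
    if not auditing_enabled(auditing_settings):
        gaps.append("server auditing setting")
    if not master_diagnostics_enabled(master_diagnostic_settings):
        gaps.append("master database diagnostic setting")
    return gaps


# Constructed sample data (not exported from a real subscription).
SAMPLE_AUDITING = {"properties": {
    "state": "Enabled",
    "isAzureMonitorTargetEnabled": True,
    "auditActionsAndGroups": ["SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP", "BATCH_COMPLETED_GROUP"],
}}
SAMPLE_MASTER_DIAG = [{"name": "audit-to-law", "properties": {
    "workspaceId": "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.OperationalInsights/workspaces/<workspace>",
    "logs": [{"category": AUDIT_CATEGORY, "enabled": True}],
}}]

if __name__ == "__main__":
    # Second call shows the silent failure: auditing on, but nothing shipped from master.
    print(audit_gaps(SAMPLE_AUDITING, SAMPLE_MASTER_DIAG), audit_gaps(SAMPLE_AUDITING, []))
```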
