November 2020 Update for Azure Diagnostic Settings Policy Definitions

1 minute read

Last month, I released some updates to the Azure Policy definitions for Diagnostics Settings. After that update, there was a requirement for me to revisit and revalidate all existing policy definitions, so I have spent few days and have gone through them all, making sure they are still up-to-date. I have also added few definitions for few additional Azure services.

Here’s a the change log:

  • Updated the existing policy definitions for the following Azure services:
    • Azure Container Registry
    • Azure Kubernetes Service
    • Azure API Management
    • Azure Cognitive Services
    • Cosmos DB
    • Azure Data Factory
    • Event Grid Topic
    • ExpressRoute Circuits
    • Azure Firewall
    • Azure HDInsight
    • Azure Recovery Services Vault (Split Azure Backup and Azure Site Recovery into separate policies as explained in this article)
    • IoT Hub
    • MySQL
    • PostgreSQL
    • Azure Relay
    • SignalR
    • SQL Elastic Pool
    • Virtual Network
    • Virtual Network Gateway (update + bugfix)
    • Web App (Updated to exclude Function App. Function App is not included because Diagnostic settings only support Function App V3 which is still in preview, and I can’t seem to find a way to detect Function Run time version using policy aliases).
  • New policy definitions for:
    • CDN Profile
    • Log App Integration Service Environment
    • AppInsights
    • App Service Environment
    • Azure Storage Account (at the time of writing, this is still in public preview, documented in this article)
  • Updated Diagnostic Setting policies that send data Log Analytics:
    • Added “assignPermission” to log analytics workspaces
    • Added Azure Diagnostics mode vs Resource-Specific mode selection for applicable resource types (explained in this article)

Leave a comment