Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch to built-in Audit diagnostic setting policy #135

Merged
merged 3 commits into from
Jan 12, 2022
Merged

Switch to built-in Audit diagnostic setting policy #135

merged 3 commits into from
Jan 12, 2022

Conversation

SenthuranSivananthan
Copy link
Contributor

@SenthuranSivananthan SenthuranSivananthan commented Jan 12, 2022
edited
Loading

Overview/Summary

We are switching to a built-in Azure Policy to audit for diagnostic settings. This policy was previously created as a custom policy so that we only monitor for logs (instead of logs & metrics).

Azure Policy team has updated the built-in policy to provide the ability toggle which type of data that needs to be monitored through the policy. As a result, we are now able to remove the custom policy and reference the built-in.

This PR fixes/adds/changes/removes

Fixes #134

Breaking Changes

No breaking change.

Customers will need to manually remove the custom policy definition from Azure once the updated Custom - Log Analytics for Azure Services Policy initiative is deployed. Steps:

  1. Launch Azure Portal
  2. Navigate to Azure Policy
  3. Navigate to Definitions
  4. Find policy definition: "Audit diagnostic setting - Logs" and Delete.

Deletion will succeed given it will no longer referenced in any Policy Initiatives (policy sets) in our automation.

Testing Evidence

Custom Audit diagnostic setting policy that's used in the Log Analytics for Azure Services initiative

image

Replaced with built-in policy

image

As part of this Pull Request I have

  • Checked for duplicate Pull Requests
  • Associated it with relevant GitHub Issues
  • Ensured my code/branch is up-to-date with the latest changes in the main branch
  • Performed testing and provided evidence.
  • Updated relevant and associated documentation.

@SenthuranSivananthan SenthuranSivananthan marked this pull request as ready for review January 12, 2022 17:15
@skeeler skeeler self-assigned this Jan 12, 2022
skeeler
skeeler approved these changes Jan 12, 2022
View reviewed changes
Copy link
Contributor

@skeeler skeeler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

@skeeler skeeler merged commit d494169 into Azure:main Jan 12, 2022
@SenthuranSivananthan SenthuranSivananthan deleted the auditDiagPolicy branch January 12, 2022 18:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skeeler skeeler skeeler approved these changes

@hudua hudua Awaiting requested review from hudua hudua is a code owner

Assignees

@skeeler skeeler

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Replace Audit diagnostic setting with built-in
2 participants
@SenthuranSivananthan @skeeler