diff --git a/Azure Bastion/Policy - Azure Policy Definitions/Policy - Enable Diagnostic Logging for Azure Bastion/README.md b/Azure Bastion/Policy - Azure Policy Definitions/Policy - Enable Diagnostic Logging for Azure Bastion/README.md
new file mode 100644
index 00000000..202fffc9
--- /dev/null
+++ b/Azure Bastion/Policy - Azure Policy Definitions/Policy - Enable Diagnostic Logging for Azure Bastion/README.md
@@ -0,0 +1,17 @@
+# Enable Diagnostic Logs for Azure Bastion - JSON
+
+This is the Azure Policy Definition script to verify Azure Bastion diagnostic settings are enabled and flowing to a log analytics workspace.
+
+## Contributing
+
+This project welcomes contributions and suggestions. Most contributions require you to agree to a
+Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
+the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
+
+When you submit a pull request, a CLA bot will automatically determine whether you need to provide
+a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
+provided by the bot. You will only need to do this once across all repos using our CLA.
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
+contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
diff --git a/Azure Bastion/Policy - Azure Policy Definitions/Policy - Enable Diagnostic Logging for Azure Bastion/azure-bastion-diagnostic-policy.json b/Azure Bastion/Policy - Azure Policy Definitions/Policy - Enable Diagnostic Logging for Azure Bastion/azure-bastion-diagnostic-policy.json
new file mode 100644
index 00000000..2dd81c99
--- /dev/null
+++ b/Azure Bastion/Policy - Azure Policy Definitions/Policy - Enable Diagnostic Logging for Azure Bastion/azure-bastion-diagnostic-policy.json
@@ -0,0 +1,53 @@
+{
+ "displayName": "Audit Diagnostic Logging for Azure Bastion",
+ "description": "Audits Azure Bastion hosts (Microsoft.Network/bastionHosts) to ensure diagnostic settings are configured to send the required logs (BastionAuditLogs, audit, allLogs) and metrics (AllMetrics) to a Log Analytics workspace.",
+ "policyType": "Custom",
+ "mode": "Indexed",
+ "metadata": {
+ "category": "Monitoring",
+ "version": "1.0.0"
+ },
+ "parameters": {
+ "effect": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "AuditIfNotExists",
+ "Deny",
+ "Disabled"
+ ],
+ "defaultValue": "AuditIfNotExists"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "field": "type",
+ "equals": "Microsoft.Network/bastionHosts"
+ },
+ "then": {
+ "effect": "[parameters('effect')]",
+ "details": {
+ "type": "Microsoft.Insights/diagnosticSettings",
+ "existenceCondition": {
+ "allOf": [
+ {
+ "field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
+ "equals": "true"
+ },
+ {
+ "field": "Microsoft.Insights/diagnosticSettings/metrics.enabled",
+ "equals": "true"
+ },
+ {
+ "field": "Microsoft.Insights/diagnosticSettings/workspaceId",
+ "exists": "true"
+ }
+ ]
+ }
+ }
+ }
+ }
+ }
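Review bot: The existenceCondition is weaker than the description promises: it only requires that some log entry and some metric entry are enabled and that `workspaceId` exists, so a diagnostic setting covering a single category, or one shipping to any workspace whatsoever, satisfies the audit, whereas the description states that BastionAuditLogs/audit/allLogs and AllMetrics going to a specific Log Analytics workspace are enforced. Either reword the description to match what is checked, or pin the destination: add a string parameter (e.g. `logAnalytics`, the workspace resource ID) and replace the `exists` check with `{ "field": "Microsoft.Insights/diagnosticSettings/workspaceId", "equals": "[parameters('logAnalytics')]" }`, which is the pattern the built-in diagnostic-settings policies use. Separately, `Deny` in `allowedValues` looks wrong for this rule: to my knowledge the `details`/existenceCondition block is not evaluated by the Deny effect, so selecting it would reject every bastion host create or update matching the `if`, not only those without diagnostics; the comparable built-ins allow only `AuditIfNotExists` and `Disabled`.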