Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
872 questions
issue with built-in Azure Policy "Configure Azure Activity logs to stream to specified Log Analytics workspace"
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 28.000000000000004%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA0%3C/text%3E%3C/svg%3E)
AdamBudzinskiAZA-0329
91
Reputation points
hi,
trying to deploy the policy Configure Azure Activity logs to stream to specified Log Analytics workspace
https://www.azadvertizer.net/azpolicyadvertizer/2465583e-4e78-4c15-b6be-a36cbc7c8b0f.html
Altough, the parametree is configured to use strongType omsWorkspace I'm not getting the workspace selector like I'm used to in other policies:
As someone mentioned here https://techcommunity.microsoft.com/t5/azure/policy-assignment-to-enable-activity-log-on-subscription/m-p/2471006 changing the strongType from omsWorkspace to Microsoft.OperationalInsights/workspaces would solve the issue, however what I don't understand is that I'm using omsWorkspace as strongType in a custom policy and this works just fine :
I've followed https://video2.skills-academy.com/en-us/azure/governance/policy/concepts/definition-structure#strongtype to determine supported resource types and I can't see omWorkspace just:
ProviderNamespace : Microsoft.OperationalInsights
RegistrationState : Registered
ResourceTypes : {workspaces, querypacks, locations, locations/operationStatuses...}
Locations : {East US, West Europe, Southeast Asia, Australia Southeast...}
So, two questions. Does it have to change if yes, can the built-in policy by corrected ?! And, second what is this working for my other custom policy ?!
THANK YOU!
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 39%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
SwathiDhanwada-MSFT 18,756 Reputation points2023-12-21T11:41:52.43+00:00 @AdamBudzinskiAZA-0329 Thanks for reaching out. I have tested the built in policy "Configure Azure Activity logs to stream to specified Log Analytics workspace" in my environment, and the log analytics were populated as expected. Only when the scope is not selected, then I noticed the same message as you have reported. Can you please recheck and let me know if you are still facing the issue?
-
SwathiDhanwada-MSFT 18,756 Reputation points
2023-12-27T12:27:57.88+00:00 @AdamBudzinskiAZA-0329 Did you get chance to look into my previous comment ? Kindly provide requested information.
-
AdamBudzinskiAZA-0329 91 Reputation points
2023-12-27T15:46:49.37+00:00 Yes, in fact it appears to be working now, not sure why, maybe you are correct, and I have skipped the assignment, and this was the cause. One different ask, why is the policy not parameterized to for example set the name of the Activity Log settings ? It is hardcoded in the policy definition as “subscriptionToLa
“. I don’t necessarily want to use that across all my subscriptions, and to change this I would have to create a custom policy based on the built-in policy but that doesn't scale IMHO to well. If there is ALREADY a policy that addresses a specific area, why can’t you folks make it to be customizable by exposing parameters instead of hardcoding them, this has been a concept advocated for years now, and should apply to policies as well, since in the end they are piece of code. In short, working with Azure Policy in most of the cases is just a pain in the butt!
-
SwathiDhanwada-MSFT 18,756 Reputation points
2023-12-28T04:12:43.78+00:00 @AdamBudzinskiAZA-0329 Thank you for sharing your feedback and expressing your concerns about working with Azure Policy. I appreciate your insights and understand that flexibility and customizability are crucial aspects for a seamless user experience.
I want you to know that your feedback is valuable to us, and we take such input seriously. I will share this input to the Policy Product Group team. If you have further inputs or feedback related to Azure Policy, kindly share with us so that I can convey the same with Policy PG team .
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 82%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EU%3C/text%3E%3C/svg%3E)
User794653 0 Reputation points2024-09-12T13:07:16.6233333+00:00 Hello,
A drawaback ot this is that any pre-existing diagnostic settings named "subscriptionToLa" will be replaced by the a new one, even if the destination log analytic is not the same.
Sign in to comment
Sign in to answer