{
	"id": "56ff66c3-40e3-4f9b-938a-3850be3e34e9",
	"created_at": "2026-04-06T01:29:18.592781Z",
	"updated_at": "2026-04-10T13:12:52.192159Z",
	"deleted_at": null,
	"sha1_hash": "d4a93409f14d9428d9722a77ecf3275a07321b96",
	"title": "List of built-in policy definitions - Azure Policy",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 864213,
	"plain_text": "List of built-in policy definitions - Azure Policy\r\nBy rmcmurray\r\nArchived: 2026-04-06 00:33:15 UTC\r\n[Preview]: Configure subscriptions to enable service health alert monitoring rule Assignable at the subscription or\r\nmanagement group level, this policy ensures that each subscription has a service health alert rule configured with\r\nalert conditions and mapping to action groups as specified in the policy parameters. By default creates a resource\r\ngroup, alert rule and action group configured to send emails to subscription owners for all service health events.\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.3.0-preview [Preview]: Configure system-assigned managed\r\nidentity to enable Azure Monitor assignments on VMs Configure system-assigned managed identity to virtual\r\nmachines hosted in Azure that are supported by Azure Monitor and do not have a system-assigned managed\r\nidentity. A system-assigned managed identity is a prerequisite for all Azure Monitor assignments and must be\r\nadded to machines before using any Azure Monitor extension. Target virtual machines must be in a supported\r\nlocation. Modify, Disabled 6.2.0-preview [Preview]: Data Collection Rules that target a specific workspace should\r\nuse the specified Data Collection Endpoint Audit or deny the creation of DCRs that target a workspace and don't\r\nuse the specified DCE Audit, Deny, Disabled 1.0.0-preview [Preview]: Network traffic data collection agent\r\nshould be installed on Linux virtual machines Security Center uses the Microsoft Dependency agent to collect\r\nnetwork traffic data from your Azure virtual machines to enable advanced network protection features such as\r\ntraffic visualization on the network map, network hardening recommendations and specific network threats.\r\nAuditIfNotExists, Disabled 1.0.2-preview [Preview]: Network traffic data collection agent should be installed on\r\nWindows virtual machines Security Center uses the Microsoft Dependency agent to collect network traffic data\r\nfrom your Azure virtual machines to enable advanced network protection features such as traffic visualization on\r\nthe network map, network hardening recommendations and specific network threats. AuditIfNotExists, Disabled\r\n1.0.2-preview Activity log should be retained for at least one year This policy audits the activity log if the\r\nretention is not set for 365 days or forever (retention days set to 0). AuditIfNotExists, Disabled 1.0.0 An activity\r\nlog alert should exist for specific Administrative operations This policy audits specific Administrative operations\r\nwith no activity log alerts configured. AuditIfNotExists, Disabled 1.0.0 An activity log alert should exist for\r\nspecific Policy operations This policy audits specific Policy operations with no activity log alerts configured.\r\nAuditIfNotExists, Disabled 3.0.0 An activity log alert should exist for specific Security operations This policy\r\naudits specific Security operations with no activity log alerts configured. AuditIfNotExists, Disabled 1.1.0\r\nApplication Insights components should block log ingestion and querying from public networks Improve\r\nApplication Insights security by blocking log ingestion and querying from public networks. Only private-link\r\nconnected networks will be able to ingest and query logs of this component. Learn more at\r\nhttps://aka.ms/AzMonPrivateLink#configure-application-insights. audit, Audit, deny, Deny, disabled, Disabled\r\n1.1.0 Application Insights components should block non-Azure Active Directory based ingestion. Enforcing log\r\ningestion to require Azure Active Directory authentication prevents unauthenticated logs from an attacker which\r\ncould lead to incorrect status, false alerts, and incorrect logs stored in the system. Deny, Audit, Disabled 1.0.0\r\nApplication Insights components with Private Link enabled should use Bring Your Own Storage accounts for\r\nprofiler and debugger. To support private link and customer-managed key policies, create your own storage\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 1 of 54\n\naccount for profiler and debugger. Learn more in https://docs.microsoft.com/azure/azure-monitor/app/profiler-bring-your-own-storage Deny, Audit, Disabled 1.0.0 Audit diagnostic setting for selected resource types Audit\r\ndiagnostic setting for selected resource types. Be sure to select only resource types which support diagnostics\r\nsettings. AuditIfNotExists 2.0.1 Azure Application Gateway should have Resource logs enabled Enable Resource\r\nlogs for Azure Application Gateway (plus WAF) and stream to a Log Analytics workspace. Get detailed visibility\r\ninto inbound web traffic and actions taken to mitigate attacks. AuditIfNotExists, Disabled 1.0.0 Azure Front Door\r\nshould have Resource logs enabled Enable Resource logs for Azure Front Door (plus WAF) and stream to a Log\r\nAnalytics workspace. Get detailed visibility into inbound web traffic and actions taken to mitigate attacks.\r\nAuditIfNotExists, Disabled 1.0.0 Azure Front Door Standard or Premium (Plus WAF) should have resource logs\r\nenabled Enable Resource logs for Azure Front Door Standard or Premium (plus WAF) and stream to a Log\r\nAnalytics workspace. Get detailed visibility into inbound web traffic and actions taken to mitigate attacks.\r\nAuditIfNotExists, Disabled 1.0.0 Azure Log Search Alerts over Log Analytics workspaces should use customer-managed keys Ensure that Azure Log Search Alerts are implementing customer-managed keys, by storing the\r\nquery text using the storage account that the customer had provided for the queried Log Analytics workspace. For\r\nmore information, visit https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys#customer-managed-key-overview. Audit, Disabled, Deny 1.0.0 Azure Monitor log profile should collect logs\r\nfor categories 'write,' 'delete,' and 'action' This policy ensures that a log profile collects logs for categories 'write,'\r\n'delete,' and 'action' AuditIfNotExists, Disabled 1.0.0 Azure Monitor Logs clusters should be created with\r\ninfrastructure-encryption enabled (double encryption) To ensure secure data encryption is enabled at the service\r\nlevel and the infrastructure level with two different encryption algorithms and two different keys, use an Azure\r\nMonitor dedicated cluster. This option is enabled by default when supported at the region, see\r\nhttps://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys#customer-managed-key-overview. audit, Audit, deny, Deny, disabled, Disabled 1.1.0 Azure Monitor Logs clusters should be encrypted\r\nwith customer-managed key Create Azure Monitor logs cluster with customer-managed keys encryption. By\r\ndefault, the log data is encrypted with service-managed keys, but customer-managed keys are commonly required\r\nto meet regulatory compliance. Customer-managed key in Azure Monitor gives you more control over the access\r\nto you data, see https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys. audit, Audit,\r\ndeny, Deny, disabled, Disabled 1.1.0 Azure Monitor Logs for Application Insights should be linked to a Log\r\nAnalytics workspace Link the Application Insights component to a Log Analytics workspace for logs encryption.\r\nCustomer-managed keys are commonly required to meet regulatory compliance and for more control over the\r\naccess to your data in Azure Monitor. Linking your component to a Log Analytics workspace that's enabled with a\r\ncustomer-managed key, ensures that your Application Insights logs meet this compliance requirement, see\r\nhttps://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys. audit, Audit, deny, Deny,\r\ndisabled, Disabled 1.1.0 Azure Monitor Private Link Scope should block access to non private link resources\r\nAzure Private Link lets you connect your virtual networks to Azure resources through a private endpoint to an\r\nAzure Monitor Private Link scope (AMPLS). Private Link Access modes are set on your AMPLS to control\r\nwhether ingestion and query requests from your networks can reach all resources, or only Private Link resources\r\n(to prevent data exfiltration). Learn more about private links at: https://docs.microsoft.com/azure/azure-monitor/logs/private-link-security#private-link-access-modes-private-only-vs-open. Audit, Deny, Disabled 1.0.0\r\nAzure Monitor Private Link Scope should use private link Azure Private Link lets you connect your virtual\r\nnetworks to Azure services without a public IP address at the source or destination. The Private Link platform\r\nhandles the connectivity between the consumer and services over the Azure backbone network. By mapping\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 2 of 54\n\nprivate endpoints to Azure Monitor Private Links Scope, you can reduce data leakage risks. Learn more about\r\nprivate links at: https://docs.microsoft.com/azure/azure-monitor/logs/private-link-security. AuditIfNotExists,\r\nDisabled 1.0.0 Azure Monitor should collect activity logs from all regions This policy audits the Azure Monitor\r\nlog profile which does not export activities from all Azure supported regions including global. AuditIfNotExists,\r\nDisabled 2.0.0 Azure Monitor solution 'Security and Audit' must be deployed This policy ensures that Security and\r\nAudit is deployed. AuditIfNotExists, Disabled 1.0.0 Azure subscriptions should have a log profile for Activity Log\r\nThis policy ensures if a log profile is enabled for exporting activity logs. It audits if there is no log profile created\r\nto export the logs either to a storage account or to an event hub. AuditIfNotExists, Disabled 1.0.0 Configure Azure\r\nActivity logs to stream to specified Log Analytics workspace Deploys the diagnostic settings for Azure Activity to\r\nstream subscriptions audit logs to a Log Analytics workspace to monitor subscription-level events\r\nDeployIfNotExists, Disabled 1.0.0 Configure Azure Application Insights components to disable public network\r\naccess for log ingestion and querying Disable components log ingestion and querying from public networks access\r\nto improve security. Only private-link connected networks will be able to ingest and query logs on this workspace.\r\nLearn more at https://aka.ms/AzMonPrivateLink#configure-application-insights. Modify, Disabled 1.1.0\r\nConfigure Azure Log Analytics workspaces to disable public network access for log ingestion and querying\r\nImprove workspace security by blocking log ingestion and querying from public networks. Only private-link\r\nconnected networks will be able to ingest and query logs on this workspace. Learn more at\r\nhttps://aka.ms/AzMonPrivateLink#configure-log-analytics. Modify, Disabled 1.1.0 Configure Azure Monitor\r\nPrivate Link Scope to block access to non private link resources Azure Private Link lets you connect your virtual\r\nnetworks to Azure resources through a private endpoint to an Azure Monitor Private Link scope (AMPLS). Private\r\nLink Access modes are set on your AMPLS to control whether ingestion and query requests from your networks\r\ncan reach all resources, or only Private Link resources (to prevent data exfiltration). Learn more about private\r\nlinks at: https://docs.microsoft.com/azure/azure-monitor/logs/private-link-security#private-link-access-modes-private-only-vs-open. Modify, Disabled 1.0.0 Configure Azure Monitor Private Link Scope to use private DNS\r\nzones Use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone links to\r\nyour virtual network to resolve to Azure Monitor private link scope. Learn more at:\r\nhttps://docs.microsoft.com/azure/azure-monitor/logs/private-link-security#connect-to-a-private-endpoint.\r\nDeployIfNotExists, Disabled 1.0.0 Configure Azure Monitor Private Link Scopes with private endpoints Private\r\nendpoints connect your virtual networks to Azure services without a public IP address at the source or destination.\r\nBy mapping private endpoints to Azure Monitor Private Link Scopes, you can reduce data leakage risks. Learn\r\nmore about private links at: https://docs.microsoft.com/azure/azure-monitor/logs/private-link-security.\r\nDeployIfNotExists, Disabled 1.0.0 Configure Dependency agent on Azure Arc enabled Linux servers Enable VM\r\ninsights on servers and machines connected to Azure through Arc enabled servers by installing the Dependency\r\nagent virtual machine extension. VM insights uses the Dependency agent to collect network metrics and\r\ndiscovered data about processes running on the machine and external process dependencies. See more -\r\nhttps://aka.ms/vminsightsdocs. DeployIfNotExists, Disabled 2.1.0 Configure Dependency agent on Azure Arc\r\nenabled Linux servers with Azure Monitoring Agent settings Enable VM insights on servers and machines\r\nconnected to Azure through Arc enabled servers by installing the Dependency agent virtual machine extension\r\nwith Azure Monitoring Agent settings. VM insights uses the Dependency agent to collect network metrics and\r\ndiscovered data about processes running on the machine and external process dependencies. See more -\r\nhttps://aka.ms/vminsightsdocs. DeployIfNotExists, Disabled 1.2.0 Configure Dependency agent on Azure Arc\r\nenabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 3 of 54\n\nservers by installing the Dependency agent virtual machine extension. VM insights uses the Dependency agent to\r\ncollect network metrics and discovered data about processes running on the machine and external process\r\ndependencies. See more - https://aka.ms/vminsightsdocs. DeployIfNotExists, Disabled 2.1.0 Configure\r\nDependency agent on Azure Arc enabled Windows servers with Azure Monitoring Agent settings Enable VM\r\ninsights on servers and machines connected to Azure through Arc enabled servers by installing the Dependency\r\nagent virtual machine extension with Azure Monitoring Agent settings. VM insights uses the Dependency agent to\r\ncollect network metrics and discovered data about processes running on the machine and external process\r\ndependencies. See more - https://aka.ms/vminsightsdocs. DeployIfNotExists, Disabled 1.2.0 Configure Linux Arc\r\nMachines to be associated with a Data Collection Rule or a Data Collection Endpoint Deploy Association to link\r\nLinux Arc machines to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of\r\nlocations are updated over time as support is increased. DeployIfNotExists, Disabled 2.2.1 Configure Linux Arc-enabled machines to run Azure Monitor Agent Automate the deployment of Azure Monitor Agent extension on\r\nyour Linux Arc-enabled machines for collecting telemetry data from the guest OS. This policy will install the\r\nextension if the region is supported. Learn more: https://aka.ms/AMAOverview. DeployIfNotExists, Disabled\r\n2.4.0 Configure Linux Machines to be associated with a Data Collection Rule or a Data Collection Endpoint\r\nDeploy Association to link Linux virtual machines, virtual machine scale sets, and Arc machines to the specified\r\nData Collection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated\r\nover time as support is increased. DeployIfNotExists, Disabled 6.8.0 Configure Linux Virtual Machine Scale Sets\r\nto be associated with a Data Collection Rule or a Data Collection Endpoint Deploy Association to link Linux\r\nvirtual machine scale sets to the specified Data Collection Rule or the specified Data Collection Endpoint. The list\r\nof locations and OS images are updated over time as support is increased. DeployIfNotExists, Disabled 4.7.0\r\nConfigure Linux virtual machine scale sets to run Azure Monitor Agent with system-assigned managed identity-based authentication Automate the deployment of Azure Monitor Agent extension on your Linux virtual machine\r\nscale sets for collecting telemetry data from the guest OS. This policy will install the extension if the OS and\r\nregion are supported and system-assigned managed identity is enabled, and skip install otherwise. Learn more:\r\nhttps://aka.ms/AMAOverview. DeployIfNotExists, Disabled 3.10.0 Configure Linux virtual machine scale sets to\r\nrun Azure Monitor Agent with user-assigned managed identity-based authentication Automate the deployment of\r\nAzure Monitor Agent extension on your Linux virtual machine scale sets for collecting telemetry data from the\r\nguest OS. This policy will install the extension and configure it to use the specified user-assigned managed\r\nidentity if the OS and region are supported, and skip install otherwise. Learn more: https://aka.ms/AMAOverview.\r\nDeployIfNotExists, Disabled 3.11.0 Configure Linux Virtual Machines to be associated with a Data Collection\r\nRule or a Data Collection Endpoint Deploy Association to link Linux virtual machines to the specified Data\r\nCollection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over\r\ntime as support is increased. DeployIfNotExists, Disabled 4.7.0 Configure Linux virtual machines to run Azure\r\nMonitor Agent with system-assigned managed identity-based authentication Automate the deployment of Azure\r\nMonitor Agent extension on your Linux virtual machines for collecting telemetry data from the guest OS. This\r\npolicy will install the extension if the OS and region are supported and system-assigned managed identity is\r\nenabled, and skip install otherwise. Learn more: https://aka.ms/AMAOverview. DeployIfNotExists, Disabled\r\n3.10.0 Configure Linux virtual machines to run Azure Monitor Agent with user-assigned managed identity-based\r\nauthentication Automate the deployment of Azure Monitor Agent extension on your Linux virtual machines for\r\ncollecting telemetry data from the guest OS. This policy will install the extension and configure it to use the\r\nspecified user-assigned managed identity if the OS and region are supported, and skip install otherwise. Learn\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 4 of 54\n\nmore: https://aka.ms/AMAOverview. DeployIfNotExists, Disabled 3.14.0 Configure Log Analytics workspace and\r\nautomation account to centralize logs and monitoring Deploy resource group containing Log Analytics workspace\r\nand linked automation account to centralize logs and monitoring. The automation account is aprerequisite for\r\nsolutions like Updates and Change Tracking. DeployIfNotExists, AuditIfNotExists, Disabled 2.0.0 Configure\r\nWindows Arc Machines to be associated with a Data Collection Rule or a Data Collection Endpoint Deploy\r\nAssociation to link Windows Arc machines to the specified Data Collection Rule or the specified Data Collection\r\nEndpoint. The list of locations are updated over time as support is increased. DeployIfNotExists, Disabled 2.4.0\r\nConfigure Windows Arc-enabled machines to run Azure Monitor Agent Automate the deployment of Azure\r\nMonitor Agent extension on your Windows Arc-enabled machines for collecting telemetry data from the guest OS.\r\nThis policy will install the extension if the OS and region are supported and system-assigned managed identity is\r\nenabled, and skip install otherwise. Learn more: https://aka.ms/AMAOverview. DeployIfNotExists, Disabled 2.6.0\r\nConfigure Windows Machines to be associated with a Data Collection Rule or a Data Collection Endpoint Deploy\r\nAssociation to link Windows virtual machines, virtual machine scale sets, and Arc machines to the specified Data\r\nCollection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over\r\ntime as support is increased. DeployIfNotExists, Disabled 4.8.0 Configure Windows Virtual Machine Scale Sets to\r\nbe associated with a Data Collection Rule or a Data Collection Endpoint Deploy Association to link Windows\r\nvirtual machine scale sets to the specified Data Collection Rule or the specified Data Collection Endpoint. The list\r\nof locations and OS images are updated over time as support is increased. DeployIfNotExists, Disabled 3.7.0\r\nConfigure Windows virtual machine scale sets to run Azure Monitor Agent using system-assigned managed\r\nidentity Automate the deployment of Azure Monitor Agent extension on your Windows virtual machine scale sets\r\nfor collecting telemetry data from the guest OS. This policy will install the extension if the OS and region are\r\nsupported and system-assigned managed identity is enabled, and skip install otherwise. Learn more:\r\nhttps://aka.ms/AMAOverview. DeployIfNotExists, Disabled 3.7.0 Configure Windows virtual machine scale sets\r\nto run Azure Monitor Agent with user-assigned managed identity-based authentication Automate the deployment\r\nof Azure Monitor Agent extension on your Windows virtual machine scale sets for collecting telemetry data from\r\nthe guest OS. This policy will install the extension and configure it to use the specified user-assigned managed\r\nidentity if the OS and region are supported, and skip install otherwise. Learn more: https://aka.ms/AMAOverview.\r\nDeployIfNotExists, Disabled 1.9.0 Configure Windows Virtual Machines to be associated with a Data Collection\r\nRule or a Data Collection Endpoint Deploy Association to link Windows virtual machines to the specified Data\r\nCollection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over\r\ntime as support is increased. DeployIfNotExists, Disabled 3.6.0 Configure Windows virtual machines to run Azure\r\nMonitor Agent using system-assigned managed identity Automate the deployment of Azure Monitor Agent\r\nextension on your Windows virtual machines for collecting telemetry data from the guest OS. This policy will\r\ninstall the extension if the OS and region are supported and system-assigned managed identity is enabled, and skip\r\ninstall otherwise. Learn more: https://aka.ms/AMAOverview. DeployIfNotExists, Disabled 4.7.0 Configure\r\nWindows virtual machines to run Azure Monitor Agent with user-assigned managed identity-based authentication\r\nAutomate the deployment of Azure Monitor Agent extension on your Windows virtual machines for collecting\r\ntelemetry data from the guest OS. This policy will install the extension and configure it to use the specified user-assigned managed identity if the OS and region are supported, and skip install otherwise. Learn more:\r\nhttps://aka.ms/AMAOverview. DeployIfNotExists, Disabled 1.9.0 Dependency agent should be enabled for listed\r\nvirtual machine images Reports virtual machines as non-compliant if the virtual machine image is in the list\r\ndefined and the agent is not installed. The list of OS images is updated over time as support is updated.\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 5 of 54\n\nAuditIfNotExists, Disabled 2.1.0 Dependency agent should be enabled in virtual machine scale sets for listed\r\nvirtual machine images Reports virtual machine scale sets as non-compliant if the virtual machine image is in the\r\nlist defined and the agent is not installed. The list of OS images is updated over time as support is updated.\r\nAuditIfNotExists, Disabled 2.1.0 Deploy - Configure Dependency agent to be enabled on Windows virtual\r\nmachine scale sets Deploy Dependency agent for Windows virtual machine scale sets if the virtual machine image\r\nis in the list defined and the agent is not installed. If your scale set upgradePolicy is set to Manual, you need to\r\napply the extension to all the virtual machines in the set by updating them. DeployIfNotExists, Disabled 3.3.0\r\nDeploy - Configure Dependency agent to be enabled on Windows virtual machines Deploy Dependency agent for\r\nWindows virtual machines if the virtual machine image is in the list defined and the agent is not installed.\r\nDeployIfNotExists, Disabled 3.3.0 Deploy - Configure diagnostic settings to a Log Analytics workspace to be\r\nenabled on Azure Key Vault Managed HSM Deploys the diagnostic settings for Azure Key Vault Managed HSM\r\nto stream to a regional Log Analytics workspace when any Azure Key Vault Managed HSM which is missing this\r\ndiagnostic settings is created or updated. DeployIfNotExists, Disabled 1.0.0 Deploy Dependency agent for Linux\r\nvirtual machine scale sets Deploy Dependency agent for Linux virtual machine scale sets if the VM Image (OS) is\r\nin the list defined and the agent is not installed. Note: if your scale set upgradePolicy is set to Manual, you need to\r\napply the extension to the all virtual machines in the set by calling upgrade on them. In CLI this would be az vmss\r\nupdate-instances. deployIfNotExists 5.1.0 Deploy Dependency agent for Linux virtual machine scale sets with\r\nAzure Monitoring Agent settings Deploy Dependency agent for Linux virtual machine scale sets with Azure\r\nMonitoring Agent settings if the VM Image (OS) is in the list defined and the agent is not installed. Note: if your\r\nscale set upgradePolicy is set to Manual, you need to apply the extension to the all virtual machines in the set by\r\ncalling upgrade on them. In CLI this would be az vmss update-instances. DeployIfNotExists, Disabled 3.2.0\r\nDeploy Dependency agent for Linux virtual machines Deploy Dependency agent for Linux virtual machines if the\r\nVM Image (OS) is in the list defined and the agent is not installed. deployIfNotExists 5.1.0 Deploy Dependency\r\nagent for Linux virtual machines with Azure Monitoring Agent settings Deploy Dependency agent for Linux\r\nvirtual machines with Azure Monitoring Agent settings if the VM Image (OS) is in the list defined and the agent is\r\nnot installed. DeployIfNotExists, Disabled 3.2.0 Deploy Dependency agent to be enabled on Windows virtual\r\nmachine scale sets with Azure Monitoring Agent settings Deploy Dependency agent for Windows virtual machine\r\nscale sets with Azure Monitoring Agent settings if the virtual machine image is in the list defined and the agent is\r\nnot installed. If your scale set upgradePolicy is set to Manual, you need to apply the extension to all the virtual\r\nmachines in the set by updating them. DeployIfNotExists, Disabled 1.4.0 Deploy Dependency agent to be enabled\r\non Windows virtual machines with Azure Monitoring Agent settings Deploy Dependency agent for Windows\r\nvirtual machines with Azure Monitoring Agent settings if the virtual machine image is in the list defined and the\r\nagent is not installed. DeployIfNotExists, Disabled 1.4.0 Deploy Diagnostic Settings for Batch Account to Event\r\nHub Deploys the diagnostic settings for Batch Account to stream to a regional Event Hub when any Batch\r\nAccount which is missing this diagnostic settings is created or updated. DeployIfNotExists, Disabled 2.0.0 Deploy\r\nDiagnostic Settings for Batch Account to Log Analytics workspace Deploys the diagnostic settings for Batch\r\nAccount to stream to a regional Log Analytics workspace when any Batch Account which is missing this\r\ndiagnostic settings is created or updated. DeployIfNotExists, Disabled 1.1.0 Deploy Diagnostic Settings for Data\r\nLake Analytics to Event Hub Deploys the diagnostic settings for Data Lake Analytics to stream to a regional\r\nEvent Hub when any Data Lake Analytics which is missing this diagnostic settings is created or updated.\r\nDeployIfNotExists, Disabled 2.0.0 Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics\r\nworkspace Deploys the diagnostic settings for Data Lake Analytics to stream to a regional Log Analytics\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 6 of 54\n\nworkspace when any Data Lake Analytics which is missing this diagnostic settings is created or updated.\r\nDeployIfNotExists, Disabled 1.0.0 Deploy Diagnostic Settings for Data Lake Storage Gen1 to Event Hub Deploys\r\nthe diagnostic settings for Data Lake Storage Gen1 to stream to a regional Event Hub when any Data Lake\r\nStorage Gen1 which is missing this diagnostic settings is created or updated. DeployIfNotExists, Disabled 2.0.0\r\nDeploy Diagnostic Settings for Data Lake Storage Gen1 to Log Analytics workspace Deploys the diagnostic\r\nsettings for Data Lake Storage Gen1 to stream to a regional Log Analytics workspace when any Data Lake\r\nStorage Gen1 which is missing this diagnostic settings is created or updated. DeployIfNotExists, Disabled 1.0.0\r\nDeploy Diagnostic Settings for Event Hub to Event Hub Deploys the diagnostic settings for Event Hub to stream\r\nto a regional Event Hub when any Event Hub which is missing this diagnostic settings is created or updated.\r\nDeployIfNotExists, Disabled 2.1.0 Deploy Diagnostic Settings for Event Hub to Log Analytics workspace\r\nDeploys the diagnostic settings for Event Hub to stream to a regional Log Analytics workspace when any Event\r\nHub which is missing this diagnostic settings is created or updated. DeployIfNotExists, Disabled 2.3.0 Deploy\r\nDiagnostic Settings for Key Vault to Log Analytics workspace Deploys the diagnostic settings for Key Vault to\r\nstream to a regional Log Analytics workspace when any Key Vault which is missing this diagnostic settings is\r\ncreated or updated. DeployIfNotExists, Disabled 3.0.0 Deploy Diagnostic Settings for Logic Apps to Event Hub\r\nDeploys the diagnostic settings for Logic Apps to stream to a regional Event Hub when any Logic Apps which is\r\nmissing this diagnostic settings is created or updated. DeployIfNotExists, Disabled 2.0.0 Deploy Diagnostic\r\nSettings for Logic Apps to Log Analytics workspace Deploys the diagnostic settings for Logic Apps to stream to a\r\nregional Log Analytics workspace when any Logic Apps which is missing this diagnostic settings is created or\r\nupdated. DeployIfNotExists, Disabled 1.0.0 Deploy Diagnostic Settings for Network Security Groups This policy\r\nautomatically deploys diagnostic settings to network security groups. A storage account with name\r\n'{storagePrefixParameter}{NSGLocation}' will be automatically created. deployIfNotExists 2.0.1 Deploy\r\nDiagnostic Settings for Search Services to Event Hub Deploys the diagnostic settings for Search Services to\r\nstream to a regional Event Hub when any Search Services which is missing this diagnostic settings is created or\r\nupdated. DeployIfNotExists, Disabled 2.0.0 Deploy Diagnostic Settings for Search Services to Log Analytics\r\nworkspace Deploys the diagnostic settings for Search Services to stream to a regional Log Analytics workspace\r\nwhen any Search Services which is missing this diagnostic settings is created or updated. DeployIfNotExists,\r\nDisabled 1.0.0 Deploy Diagnostic Settings for Service Bus to Event Hub Deploys the diagnostic settings for\r\nService Bus to stream to a regional Event Hub when any Service Bus which is missing this diagnostic settings is\r\ncreated or updated. DeployIfNotExists, Disabled 2.0.0 Deploy Diagnostic Settings for Service Bus to Log\r\nAnalytics workspace Deploys the diagnostic settings for Service Bus to stream to a regional Log Analytics\r\nworkspace when any Service Bus which is missing this diagnostic settings is created or updated.\r\nDeployIfNotExists, Disabled 2.3.0 Deploy Diagnostic Settings for Stream Analytics to Event Hub Deploys the\r\ndiagnostic settings for Stream Analytics to stream to a regional Event Hub when any Stream Analytics which is\r\nmissing this diagnostic settings is created or updated. DeployIfNotExists, Disabled 2.0.0 Deploy Diagnostic\r\nSettings for Stream Analytics to Log Analytics workspace Deploys the diagnostic settings for Stream Analytics to\r\nstream to a regional Log Analytics workspace when any Stream Analytics which is missing this diagnostic settings\r\nis created or updated. DeployIfNotExists, Disabled 1.0.0 Enable logging by category group for 1ES Hosted Pools\r\n(microsoft.cloudtest/hostedpools) to Event Hub Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to an Event Hub for 1ES Hosted Pools\r\n(microsoft.cloudtest/hostedpools). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 7 of 54\n\ncategory group for 1ES Hosted Pools (microsoft.cloudtest/hostedpools) to Log Analytics Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log\r\nAnalytics workspace for 1ES Hosted Pools (microsoft.cloudtest/hostedpools). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for 1ES Hosted Pools\r\n(microsoft.cloudtest/hostedpools) to Storage Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for 1ES Hosted Pools\r\n(microsoft.cloudtest/hostedpools). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Analysis Services (microsoft.analysisservices/servers) to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor Analysis Services (microsoft.analysisservices/servers). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Analysis Services (microsoft.analysisservices/servers) to Log Analytics\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Log Analytics workspace for Analysis Services (microsoft.analysisservices/servers).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Analysis Services\r\n(microsoft.analysisservices/servers) to Storage Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for Analysis Services\r\n(microsoft.analysisservices/servers). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Apache Spark pools (microsoft.synapse/workspaces/bigdatapools) to Event Hub Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for Apache Spark pools (microsoft.synapse/workspaces/bigdatapools). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Apache Spark pools\r\n(microsoft.synapse/workspaces/bigdatapools) to Log Analytics Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Apache\r\nSpark pools (microsoft.synapse/workspaces/bigdatapools). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Apache Spark pools (microsoft.synapse/workspaces/bigdatapools) to\r\nStorage Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Storage Account for Apache Spark pools (microsoft.synapse/workspaces/bigdatapools).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for API Management\r\nservices (microsoft.apimanagement/service) to Event Hub Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to an Event Hub for API Management\r\nservices (microsoft.apimanagement/service). DeployIfNotExists, AuditIfNotExists, Disabled 1.2.0 Enable logging\r\nby category group for API Management services (microsoft.apimanagement/service) to Log Analytics Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 8 of 54\n\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for API Management services (microsoft.apimanagement/service).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by category group for API Management\r\nservices (microsoft.apimanagement/service) to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for API Management\r\nservices (microsoft.apimanagement/service). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging\r\nby category group for App Configuration (microsoft.appconfiguration/configurationstores) to Event Hub Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for App Configuration (microsoft.appconfiguration/configurationstores). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.2.0 Enable logging by category group for App Configuration\r\n(microsoft.appconfiguration/configurationstores) to Log Analytics Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace\r\nfor App Configuration (microsoft.appconfiguration/configurationstores). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.1.0 Enable logging by category group for App Configuration\r\n(microsoft.appconfiguration/configurationstores) to Storage Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for App\r\nConfiguration (microsoft.appconfiguration/configurationstores). DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.1.0 Enable logging by category group for App Service (microsoft.web/sites) to Log Analytics Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for App Service (microsoft.web/sites). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for App Service Environments\r\n(microsoft.web/hostingenvironments) to Event Hub Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to an Event Hub for App Service Environments\r\n(microsoft.web/hostingenvironments). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for App Service Environments (microsoft.web/hostingenvironments) to Log Analytics Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for App Service Environments (microsoft.web/hostingenvironments).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for App Service\r\nEnvironments (microsoft.web/hostingenvironments) to Storage Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for App Service\r\nEnvironments (microsoft.web/hostingenvironments). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Application gateways (microsoft.network/applicationgateways) to Event Hub\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 9 of 54\n\nto route logs to an Event Hub for Application gateways (microsoft.network/applicationgateways).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Application gateways\r\n(microsoft.network/applicationgateways) to Log Analytics Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for\r\nApplication gateways (microsoft.network/applicationgateways). DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for Application gateways (microsoft.network/applicationgateways) to\r\nStorage Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Storage Account for Application gateways (microsoft.network/applicationgateways).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Application group\r\n(microsoft.desktopvirtualization/applicationgroups) to Log Analytics Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace\r\nfor Azure Virtual Desktop Application group (microsoft.desktopvirtualization/applicationgroups).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Application groups\r\n(microsoft.desktopvirtualization/applicationgroups) to Event Hub Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for\r\nApplication groups (microsoft.desktopvirtualization/applicationgroups). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for Application groups\r\n(microsoft.desktopvirtualization/applicationgroups) to Log Analytics Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace\r\nfor Application groups (microsoft.desktopvirtualization/applicationgroups). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for Application groups\r\n(microsoft.desktopvirtualization/applicationgroups) to Storage Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for Application\r\ngroups (microsoft.desktopvirtualization/applicationgroups). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Application Insights (microsoft.insights/components) to Event Hub\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to an Event Hub for Application Insights (microsoft.insights/components). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Application Insights\r\n(microsoft.insights/components) to Log Analytics Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Application\r\nInsights (microsoft.insights/components). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Application Insights (Microsoft.Insights/components) to Log Analytics (Virtual Enclaves)\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 10 of 54\n\nto route logs to a Log Analytics workspace for Application Insights (Microsoft.Insights/components).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.1 Enable logging by category group for Application Insights\r\n(microsoft.insights/components) to Storage Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for Application Insights\r\n(microsoft.insights/components). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Attestation providers (microsoft.attestation/attestationproviders) to Event Hub Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for Attestation providers (microsoft.attestation/attestationproviders). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.2.0 Enable logging by category group for Attestation providers\r\n(microsoft.attestation/attestationproviders) to Log Analytics Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for\r\nAttestation providers (microsoft.attestation/attestationproviders). DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.1.0 Enable logging by category group for Attestation providers (microsoft.attestation/attestationproviders) to\r\nStorage Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Storage Account for Attestation providers (microsoft.attestation/attestationproviders).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by category group for Automation Accounts\r\n(microsoft.automation/automationaccounts) to Event Hub Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to an Event Hub for Automation Accounts\r\n(microsoft.automation/automationaccounts). DeployIfNotExists, AuditIfNotExists, Disabled 1.2.0 Enable logging\r\nby category group for Automation Accounts (microsoft.automation/automationaccounts) to Log Analytics\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Log Analytics workspace for Automation Accounts (microsoft.automation/automationaccounts).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by category group for Automation Accounts\r\n(microsoft.automation/automationaccounts) to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for Automation\r\nAccounts (microsoft.automation/automationaccounts). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0\r\nEnable logging by category group for AVS Private clouds (microsoft.avs/privateclouds) to Event Hub Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for AVS Private clouds (microsoft.avs/privateclouds). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.2.0 Enable logging by category group for AVS Private clouds (microsoft.avs/privateclouds) to Log\r\nAnalytics Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Log Analytics workspace for AVS Private clouds (microsoft.avs/privateclouds).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by category group for AVS Private clouds\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 11 of 54\n\n(microsoft.avs/privateclouds) to Storage Resource logs should be enabled to track activities and events that take\r\nplace on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for AVS Private clouds\r\n(microsoft.avs/privateclouds). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by category\r\ngroup for Azure AD Domain Services (microsoft.aad/domainservices) to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor Azure AD Domain Services (microsoft.aad/domainservices). DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for Azure AD Domain Services (microsoft.aad/domainservices) to Log\r\nAnalytics Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Log Analytics workspace for Azure AD Domain Services (microsoft.aad/domainservices).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Azure AD Domain\r\nServices (microsoft.aad/domainservices) to Storage Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to a Storage Account for Azure AD Domain\r\nServices (microsoft.aad/domainservices). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Azure API for FHIR (microsoft.healthcareapis/services) to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor Azure API for FHIR (microsoft.healthcareapis/services). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Azure API for FHIR (microsoft.healthcareapis/services) to Log Analytics\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Log Analytics workspace for Azure API for FHIR (microsoft.healthcareapis/services).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Azure API for FHIR\r\n(microsoft.healthcareapis/services) to Storage Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for Azure API for FHIR\r\n(microsoft.healthcareapis/services). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Azure Cache for Redis (microsoft.cache/redis) to Event Hub Resource logs should be enabled\r\nto track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor Azure Cache for Redis (microsoft.cache/redis). DeployIfNotExists, AuditIfNotExists, Disabled 1.2.0 Enable\r\nlogging by category group for Azure Cache for Redis (microsoft.cache/redis) to Log Analytics Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for Azure Cache for Redis (microsoft.cache/redis). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.1.0 Enable logging by category group for Azure Cache for Redis\r\n(microsoft.cache/redis) to Storage Resource logs should be enabled to track activities and events that take place on\r\nyour resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic\r\nsetting using a category group to route logs to a Storage Account for Azure Cache for Redis\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 12 of 54\n\n(microsoft.cache/redis). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by category group\r\nfor Azure Cosmos DB (microsoft.documentdb/databaseaccounts) to Log Analytics Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log\r\nAnalytics workspace for Azure Cosmos DB (microsoft.documentdb/databaseaccounts). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Azure Cosmos DB accounts\r\n(microsoft.documentdb/databaseaccounts) to Event Hub Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to an Event Hub for Azure Cosmos DB\r\naccounts (microsoft.documentdb/databaseaccounts). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Azure Cosmos DB accounts (microsoft.documentdb/databaseaccounts) to Log\r\nAnalytics Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Log Analytics workspace for Azure Cosmos DB accounts\r\n(microsoft.documentdb/databaseaccounts). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for Azure Cosmos DB accounts (microsoft.documentdb/databaseaccounts) to Storage Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Storage Account for Azure Cosmos DB accounts (microsoft.documentdb/databaseaccounts).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Azure Data Explorer\r\nClusters (microsoft.kusto/clusters) to Event Hub Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to an Event Hub for Azure Data Explorer\r\nClusters (microsoft.kusto/clusters). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Azure Data Explorer Clusters (microsoft.kusto/clusters) to Log Analytics Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log\r\nAnalytics workspace for Azure Data Explorer Clusters (microsoft.kusto/clusters). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Azure Data Explorer Clusters\r\n(microsoft.kusto/clusters) to Storage Resource logs should be enabled to track activities and events that take place\r\non your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for Azure Data Explorer Clusters\r\n(microsoft.kusto/clusters). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group\r\nfor Azure Database for MariaDB servers (microsoft.dbformariadb/servers) to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor Azure Database for MariaDB servers (microsoft.dbformariadb/servers). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for Azure Database for MariaDB servers\r\n(microsoft.dbformariadb/servers) to Log Analytics Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure Database\r\nfor MariaDB servers (microsoft.dbformariadb/servers). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 13 of 54\n\nEnable logging by category group for Azure Database for MariaDB servers (microsoft.dbformariadb/servers) to\r\nStorage Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Storage Account for Azure Database for MariaDB servers\r\n(microsoft.dbformariadb/servers). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Azure Database for MySQL servers (microsoft.dbformysql/servers) to Event Hub Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for Azure Database for MySQL servers (microsoft.dbformysql/servers). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Azure Database for MySQL servers\r\n(microsoft.dbformysql/servers) to Log Analytics Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure Database\r\nfor MySQL servers (microsoft.dbformysql/servers). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Azure Database for MySQL servers (microsoft.dbformysql/servers) to Storage\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Storage Account for Azure Database for MySQL servers (microsoft.dbformysql/servers).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Azure Databricks\r\nServices (microsoft.databricks/workspaces) to Event Hub Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to an Event Hub for Azure Databricks\r\nServices (microsoft.databricks/workspaces). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for Azure Databricks Services (microsoft.databricks/workspaces) to Log Analytics Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for Azure Databricks Services (microsoft.databricks/workspaces).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Azure Databricks\r\nServices (microsoft.databricks/workspaces) to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for Azure Databricks\r\nServices (microsoft.databricks/workspaces). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for Azure Digital Twins (microsoft.digitaltwins/digitaltwinsinstances) to Event Hub Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for Azure Digital Twins (microsoft.digitaltwins/digitaltwinsinstances). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Azure Digital Twins\r\n(microsoft.digitaltwins/digitaltwinsinstances) to Log Analytics Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Azure\r\nDigital Twins (microsoft.digitaltwins/digitaltwinsinstances). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Azure Digital Twins (microsoft.digitaltwins/digitaltwinsinstances) to\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 14 of 54\n\nStorage Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Storage Account for Azure Digital Twins (microsoft.digitaltwins/digitaltwinsinstances).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Azure FarmBeats\r\n(microsoft.agfoodplatform/farmbeats) to Event Hub Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to an Event Hub for Azure FarmBeats\r\n(microsoft.agfoodplatform/farmbeats). DeployIfNotExists, AuditIfNotExists, Disabled 1.2.0 Enable logging by\r\ncategory group for Azure FarmBeats (microsoft.agfoodplatform/farmbeats) to Log Analytics Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log\r\nAnalytics workspace for Azure FarmBeats (microsoft.agfoodplatform/farmbeats). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.1.0 Enable logging by category group for Azure FarmBeats\r\n(microsoft.agfoodplatform/farmbeats) to Storage Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to a Storage Account for Azure FarmBeats\r\n(microsoft.agfoodplatform/farmbeats). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by\r\ncategory group for Azure Load Testing (microsoft.loadtestservice/loadtests) to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor Azure Load Testing (microsoft.loadtestservice/loadtests). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Azure Load Testing (microsoft.loadtestservice/loadtests) to Log Analytics\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Log Analytics workspace for Azure Load Testing (microsoft.loadtestservice/loadtests).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Azure Load Testing\r\n(microsoft.loadtestservice/loadtests) to Storage Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for Azure Load Testing\r\n(microsoft.loadtestservice/loadtests). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Azure Machine Learning (microsoft.machinelearningservices/workspaces) to Event Hub\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to an Event Hub for Azure Machine Learning (microsoft.machinelearningservices/workspaces).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.2.0 Enable logging by category group for Azure Machine\r\nLearning (microsoft.machinelearningservices/workspaces) to Log Analytics Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics\r\nworkspace for Azure Machine Learning (microsoft.machinelearningservices/workspaces). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.1.0 Enable logging by category group for Azure Machine Learning\r\n(microsoft.machinelearningservices/workspaces) to Storage Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 15 of 54\n\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for Azure Machine\r\nLearning (microsoft.machinelearningservices/workspaces). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0\r\nEnable logging by category group for Azure Managed Grafana (microsoft.dashboard/grafana) to Event Hub\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to an Event Hub for Azure Managed Grafana (microsoft.dashboard/grafana). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Azure Managed Grafana\r\n(microsoft.dashboard/grafana) to Log Analytics Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Log Analytics workspace for Azure Managed Grafana\r\n(microsoft.dashboard/grafana). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category\r\ngroup for Azure Managed Grafana (microsoft.dashboard/grafana) to Storage Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nAzure Managed Grafana (microsoft.dashboard/grafana). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Azure Spring Apps (microsoft.appplatform/spring) to Event Hub Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for Azure Spring Apps (microsoft.appplatform/spring). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for Azure Spring Apps (microsoft.appplatform/spring) to Log\r\nAnalytics Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Log Analytics workspace for Azure Spring Apps (microsoft.appplatform/spring).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Azure Spring Apps\r\n(microsoft.appplatform/spring) to Storage Resource logs should be enabled to track activities and events that take\r\nplace on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for Azure Spring Apps\r\n(microsoft.appplatform/spring). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category\r\ngroup for Azure Synapse Analytics (microsoft.synapse/workspaces) to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor Azure Synapse Analytics (microsoft.synapse/workspaces). DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for Azure Synapse Analytics (microsoft.synapse/workspaces) to Log\r\nAnalytics Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Log Analytics workspace for Azure Synapse Analytics (microsoft.synapse/workspaces).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Azure Synapse\r\nAnalytics (microsoft.synapse/workspaces) to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for Azure Synapse\r\nAnalytics (microsoft.synapse/workspaces). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for Azure Video Indexer (microsoft.videoindexer/accounts) to Event Hub Resource logs should\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 16 of 54\n\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event\r\nHub for Azure Video Indexer (microsoft.videoindexer/accounts). DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for Azure Video Indexer (microsoft.videoindexer/accounts) to Log\r\nAnalytics Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Log Analytics workspace for Azure Video Indexer (microsoft.videoindexer/accounts).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Azure Video Indexer\r\n(microsoft.videoindexer/accounts) to Storage Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for Azure Video Indexer\r\n(microsoft.videoindexer/accounts). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Backup vaults (microsoft.dataprotection/backupvaults) to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor Backup vaults (microsoft.dataprotection/backupvaults). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Backup vaults (microsoft.dataprotection/backupvaults) to Log Analytics\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Log Analytics workspace for Backup vaults (microsoft.dataprotection/backupvaults).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Backup vaults\r\n(microsoft.dataprotection/backupvaults) to Storage Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to a Storage Account for Backup vaults\r\n(microsoft.dataprotection/backupvaults). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Bastions (microsoft.network/bastionhosts) to Event Hub Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for\r\nBastions (microsoft.network/bastionhosts). DeployIfNotExists, AuditIfNotExists, Disabled 1.2.0 Enable logging\r\nby category group for Bastions (microsoft.network/bastionhosts) to Log Analytics Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log\r\nAnalytics workspace for Bastions (microsoft.network/bastionhosts). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.1.0 Enable logging by category group for Bastions (microsoft.network/bastionhosts) to Storage\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Storage Account for Bastions (microsoft.network/bastionhosts). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.1.0 Enable logging by category group for Batch accounts\r\n(microsoft.batch/batchaccounts) to Event Hub Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to an Event Hub for Batch accounts\r\n(microsoft.batch/batchaccounts). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 17 of 54\n\ngroup for Batch accounts (microsoft.batch/batchaccounts) to Log Analytics Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics\r\nworkspace for Batch accounts (microsoft.batch/batchaccounts). DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for Batch accounts (microsoft.batch/batchaccounts) to Storage Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Storage Account for Batch accounts (microsoft.batch/batchaccounts). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for Bot Services (microsoft.botservice/botservices) to Event Hub\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to an Event Hub for Bot Services (microsoft.botservice/botservices). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Bot Services\r\n(microsoft.botservice/botservices) to Log Analytics Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Bot Services\r\n(microsoft.botservice/botservices). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Bot Services (microsoft.botservice/botservices) to Storage Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nBot Services (microsoft.botservice/botservices). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Caches (microsoft.cache/redisenterprise/databases) to Event Hub Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for Caches (microsoft.cache/redisenterprise/databases). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for Caches (microsoft.cache/redisenterprise/databases) to Log\r\nAnalytics Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Log Analytics workspace for Caches (microsoft.cache/redisenterprise/databases).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Caches\r\n(microsoft.cache/redisenterprise/databases) to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for Caches\r\n(microsoft.cache/redisenterprise/databases). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for Chaos Experiments (microsoft.chaos/experiments) to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor Chaos Experiments (microsoft.chaos/experiments). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Chaos Experiments (microsoft.chaos/experiments) to Log Analytics\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Log Analytics workspace for Chaos Experiments (microsoft.chaos/experiments).\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 18 of 54\n\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Chaos Experiments\r\n(microsoft.chaos/experiments) to Storage Resource logs should be enabled to track activities and events that take\r\nplace on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for Chaos Experiments\r\n(microsoft.chaos/experiments). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category\r\ngroup for Code Signing Accounts (microsoft.codesigning/codesigningaccounts) to Event Hub Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for Code Signing Accounts (microsoft.codesigning/codesigningaccounts). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Code Signing Accounts\r\n(microsoft.codesigning/codesigningaccounts) to Log Analytics Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Code\r\nSigning Accounts (microsoft.codesigning/codesigningaccounts). DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for Code Signing Accounts (microsoft.codesigning/codesigningaccounts)\r\nto Storage Resource logs should be enabled to track activities and events that take place on your resources and\r\ngive you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to a Storage Account for Code Signing Accounts\r\n(microsoft.codesigning/codesigningaccounts). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Cognitive Services (microsoft.cognitiveservices/accounts) to Event Hub Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for Cognitive Services (microsoft.cognitiveservices/accounts). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.2.0 Enable logging by category group for Cognitive Services\r\n(microsoft.cognitiveservices/accounts) to Log Analytics Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for\r\nCognitive Services (microsoft.cognitiveservices/accounts). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0\r\nEnable logging by category group for Cognitive Services (microsoft.cognitiveservices/accounts) to Storage\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Storage Account for Cognitive Services (microsoft.cognitiveservices/accounts).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by category group for Communication\r\nServices (microsoft.communication/communicationservices) to Event Hub Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for\r\nCommunication Services (microsoft.communication/communicationservices). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Communication Services\r\n(microsoft.communication/communicationservices) to Log Analytics Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace\r\nfor Communication Services (microsoft.communication/communicationservices). DeployIfNotExists,\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 19 of 54\n\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Communication Services\r\n(microsoft.communication/communicationservices) to Storage Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for Communication\r\nServices (microsoft.communication/communicationservices). DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for Connected Cache Resources (microsoft.connectedcache/ispcustomers)\r\nto Event Hub Resource logs should be enabled to track activities and events that take place on your resources and\r\ngive you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to an Event Hub for Connected Cache Resources\r\n(microsoft.connectedcache/ispcustomers). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Connected Cache Resources (microsoft.connectedcache/ispcustomers) to Log Analytics\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Log Analytics workspace for Connected Cache Resources\r\n(microsoft.connectedcache/ispcustomers). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Connected Cache Resources (microsoft.connectedcache/ispcustomers) to Storage Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Storage Account for Connected Cache Resources (microsoft.connectedcache/ispcustomers).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Container Apps\r\nEnvironments (microsoft.app/managedenvironments) to Event Hub Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for Container\r\nApps Environments (microsoft.app/managedenvironments). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Container Apps Environments (microsoft.app/managedenvironments) to\r\nLog Analytics Resource logs should be enabled to track activities and events that take place on your resources and\r\ngive you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to a Log Analytics workspace for Container Apps Environments\r\n(microsoft.app/managedenvironments). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Container Apps Environments (microsoft.app/managedenvironments) to Storage Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Storage Account for Container Apps Environments (microsoft.app/managedenvironments).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Container instances\r\n(microsoft.containerinstance/containergroups) to Event Hub Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to an Event Hub for Container instances\r\n(microsoft.containerinstance/containergroups). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Container instances (microsoft.containerinstance/containergroups) to Log Analytics\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Log Analytics workspace for Container instances (microsoft.containerinstance/containergroups).\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 20 of 54\n\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Container instances\r\n(microsoft.containerinstance/containergroups) to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for Container\r\ninstances (microsoft.containerinstance/containergroups). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Container registries (microsoft.containerregistry/registries) to Event Hub\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to an Event Hub for Container registries (microsoft.containerregistry/registries). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.2.0 Enable logging by category group for Container registries\r\n(microsoft.containerregistry/registries) to Log Analytics Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for\r\nContainer registries (microsoft.containerregistry/registries). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0\r\nEnable logging by category group for Container registries (microsoft.containerregistry/registries) to Storage\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Storage Account for Container registries (microsoft.containerregistry/registries).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by category group for Data collection rules\r\n(microsoft.insights/datacollectionrules) to Event Hub Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to an Event Hub for Data collection rules\r\n(microsoft.insights/datacollectionrules). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Data collection rules (microsoft.insights/datacollectionrules) to Log Analytics Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for Data collection rules (microsoft.insights/datacollectionrules).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Data collection rules\r\n(microsoft.insights/datacollectionrules) to Storage Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to a Storage Account for Data collection rules\r\n(microsoft.insights/datacollectionrules). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Data factories (V2) (microsoft.datafactory/factories) to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor Data factories (V2) (microsoft.datafactory/factories). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Data factories (V2) (microsoft.datafactory/factories) to Log Analytics\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Log Analytics workspace for Data factories (V2) (microsoft.datafactory/factories).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Data factories (V2)\r\n(microsoft.datafactory/factories) to Storage Resource logs should be enabled to track activities and events that\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 21 of 54\n\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for Data factories (V2)\r\n(microsoft.datafactory/factories). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Data Lake Analytics (microsoft.datalakeanalytics/accounts) to Event Hub Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event\r\nHub for Data Lake Analytics (microsoft.datalakeanalytics/accounts). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for Data Lake Analytics (microsoft.datalakeanalytics/accounts)\r\nto Log Analytics Resource logs should be enabled to track activities and events that take place on your resources\r\nand give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to a Log Analytics workspace for Data Lake Analytics\r\n(microsoft.datalakeanalytics/accounts). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Data Lake Analytics (microsoft.datalakeanalytics/accounts) to Storage Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage\r\nAccount for Data Lake Analytics (microsoft.datalakeanalytics/accounts). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for Data Lake Storage Gen1 (microsoft.datalakestore/accounts)\r\nto Event Hub Resource logs should be enabled to track activities and events that take place on your resources and\r\ngive you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to an Event Hub for Data Lake Storage Gen1 (microsoft.datalakestore/accounts).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Data Lake Storage\r\nGen1 (microsoft.datalakestore/accounts) to Log Analytics Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Data\r\nLake Storage Gen1 (microsoft.datalakestore/accounts). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Data Lake Storage Gen1 (microsoft.datalakestore/accounts) to Storage\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Storage Account for Data Lake Storage Gen1 (microsoft.datalakestore/accounts).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Data Shares\r\n(microsoft.datashare/accounts) to Event Hub Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to an Event Hub for Data Shares\r\n(microsoft.datashare/accounts). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category\r\ngroup for Data Shares (microsoft.datashare/accounts) to Log Analytics Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace\r\nfor Data Shares (microsoft.datashare/accounts). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Data Shares (microsoft.datashare/accounts) to Storage Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage\r\nAccount for Data Shares (microsoft.datashare/accounts). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 22 of 54\n\nEnable logging by category group for Dedicated SQL pools (microsoft.synapse/workspaces/sqlpools) to Event\r\nHub Resource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to an Event Hub for Dedicated SQL pools (microsoft.synapse/workspaces/sqlpools).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Dedicated SQL pools\r\n(microsoft.synapse/workspaces/sqlpools) to Log Analytics Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for\r\nDedicated SQL pools (microsoft.synapse/workspaces/sqlpools). DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for Dedicated SQL pools (microsoft.synapse/workspaces/sqlpools) to\r\nStorage Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Storage Account for Dedicated SQL pools (microsoft.synapse/workspaces/sqlpools).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Dev centers\r\n(microsoft.devcenter/devcenters) to Event Hub Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to an Event Hub for Dev centers\r\n(microsoft.devcenter/devcenters). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Dev centers (microsoft.devcenter/devcenters) to Log Analytics Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log\r\nAnalytics workspace for Dev centers (microsoft.devcenter/devcenters). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for Dev centers (microsoft.devcenter/devcenters) to Storage\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Storage Account for Dev centers (microsoft.devcenter/devcenters). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for DICOM service\r\n(microsoft.healthcareapis/workspaces/dicomservices) to Event Hub Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for DICOM\r\nservice (microsoft.healthcareapis/workspaces/dicomservices). DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for DICOM service (microsoft.healthcareapis/workspaces/dicomservices)\r\nto Log Analytics Resource logs should be enabled to track activities and events that take place on your resources\r\nand give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to a Log Analytics workspace for DICOM service\r\n(microsoft.healthcareapis/workspaces/dicomservices). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for DICOM service (microsoft.healthcareapis/workspaces/dicomservices) to\r\nStorage Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Storage Account for DICOM service\r\n(microsoft.healthcareapis/workspaces/dicomservices). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Endpoints (microsoft.cdn/profiles/endpoints) to Event Hub Resource logs\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 23 of 54\n\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for Endpoints (microsoft.cdn/profiles/endpoints). DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for Endpoints (microsoft.cdn/profiles/endpoints) to Log Analytics\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Log Analytics workspace for Endpoints (microsoft.cdn/profiles/endpoints). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Endpoints\r\n(microsoft.cdn/profiles/endpoints) to Storage Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for Endpoints\r\n(microsoft.cdn/profiles/endpoints). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Event Grid Domains (microsoft.eventgrid/domains) to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor Event Grid Domains (microsoft.eventgrid/domains). DeployIfNotExists, AuditIfNotExists, Disabled 1.2.0\r\nEnable logging by category group for Event Grid Domains (microsoft.eventgrid/domains) to Log Analytics\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Log Analytics workspace for Event Grid Domains (microsoft.eventgrid/domains).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by category group for Event Grid Domains\r\n(microsoft.eventgrid/domains) to Storage Resource logs should be enabled to track activities and events that take\r\nplace on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for Event Grid Domains\r\n(microsoft.eventgrid/domains). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by category\r\ngroup for Event Grid Partner Namespaces (microsoft.eventgrid/partnernamespaces) to Event Hub Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for Event Grid Partner Namespaces (microsoft.eventgrid/partnernamespaces).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.2.0 Enable logging by category group for Event Grid Partner\r\nNamespaces (microsoft.eventgrid/partnernamespaces) to Log Analytics Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace\r\nfor Event Grid Partner Namespaces (microsoft.eventgrid/partnernamespaces). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.1.0 Enable logging by category group for Event Grid Partner Namespaces\r\n(microsoft.eventgrid/partnernamespaces) to Storage Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to a Storage Account for Event Grid Partner\r\nNamespaces (microsoft.eventgrid/partnernamespaces). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0\r\nEnable logging by category group for Event Grid Partner Topics (microsoft.eventgrid/partnertopics) to Event Hub\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 24 of 54\n\nto route logs to an Event Hub for Event Grid Partner Topics (microsoft.eventgrid/partnertopics).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Event Grid Partner\r\nTopics (microsoft.eventgrid/partnertopics) to Log Analytics Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Event\r\nGrid Partner Topics (microsoft.eventgrid/partnertopics). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Event Grid Partner Topics (microsoft.eventgrid/partnertopics) to Storage\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Storage Account for Event Grid Partner Topics (microsoft.eventgrid/partnertopics).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Event Grid System\r\nTopics (microsoft.eventgrid/systemtopics) to Event Hub Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to an Event Hub for Event Grid System\r\nTopics (microsoft.eventgrid/systemtopics). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for Event Grid System Topics (microsoft.eventgrid/systemtopics) to Log Analytics Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for Event Grid System Topics (microsoft.eventgrid/systemtopics).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Event Grid System\r\nTopics (microsoft.eventgrid/systemtopics) to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for Event Grid\r\nSystem Topics (microsoft.eventgrid/systemtopics). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Event Grid Topics (microsoft.eventgrid/topics) to Event Hub Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event\r\nHub for Event Grid Topics (microsoft.eventgrid/topics). DeployIfNotExists, AuditIfNotExists, Disabled 1.2.0\r\nEnable logging by category group for Event Grid Topics (microsoft.eventgrid/topics) to Log Analytics Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for Event Grid Topics (microsoft.eventgrid/topics). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.1.0 Enable logging by category group for Event Grid Topics\r\n(microsoft.eventgrid/topics) to Storage Resource logs should be enabled to track activities and events that take\r\nplace on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for Event Grid Topics\r\n(microsoft.eventgrid/topics). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by category\r\ngroup for Event Hubs Namespaces (microsoft.eventhub/namespaces) to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor Event Hubs Namespaces (microsoft.eventhub/namespaces). DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.2.0 Enable logging by category group for Event Hubs Namespaces (microsoft.eventhub/namespaces) to Log\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 25 of 54\n\nAnalytics Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Log Analytics workspace for Event Hubs Namespaces (microsoft.eventhub/namespaces).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by category group for Event Hubs\r\nNamespaces (microsoft.eventhub/namespaces) to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for Event Hubs\r\nNamespaces (microsoft.eventhub/namespaces). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable\r\nlogging by category group for Experiment Workspaces (microsoft.experimentation/experimentworkspaces) to\r\nEvent Hub Resource logs should be enabled to track activities and events that take place on your resources and\r\ngive you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to an Event Hub for Experiment Workspaces\r\n(microsoft.experimentation/experimentworkspaces). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Experiment Workspaces (microsoft.experimentation/experimentworkspaces) to Log\r\nAnalytics Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Log Analytics workspace for Experiment Workspaces\r\n(microsoft.experimentation/experimentworkspaces). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Experiment Workspaces (microsoft.experimentation/experimentworkspaces) to\r\nStorage Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Storage Account for Experiment Workspaces\r\n(microsoft.experimentation/experimentworkspaces). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for ExpressRoute circuits (microsoft.network/expressroutecircuits) to Event Hub\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to an Event Hub for ExpressRoute circuits (microsoft.network/expressroutecircuits).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for ExpressRoute circuits\r\n(microsoft.network/expressroutecircuits) to Log Analytics Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for\r\nExpressRoute circuits (microsoft.network/expressroutecircuits). DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for ExpressRoute circuits (microsoft.network/expressroutecircuits) to\r\nStorage Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Storage Account for ExpressRoute circuits (microsoft.network/expressroutecircuits).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for FHIR service\r\n(microsoft.healthcareapis/workspaces/fhirservices) to Event Hub Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for FHIR\r\nservice (microsoft.healthcareapis/workspaces/fhirservices). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for FHIR service (microsoft.healthcareapis/workspaces/fhirservices) to Log\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 26 of 54\n\nAnalytics Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Log Analytics workspace for FHIR service\r\n(microsoft.healthcareapis/workspaces/fhirservices). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for FHIR service (microsoft.healthcareapis/workspaces/fhirservices) to Storage\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Storage Account for FHIR service (microsoft.healthcareapis/workspaces/fhirservices).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Firewall\r\n(microsoft.network/azurefirewalls) to Log Analytics Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Firewall\r\n(microsoft.network/azurefirewalls). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Firewalls (microsoft.network/azurefirewalls) to Event Hub Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for\r\nFirewalls (microsoft.network/azurefirewalls). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Firewalls (microsoft.network/azurefirewalls) to Log Analytics Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log\r\nAnalytics workspace for Firewalls (microsoft.network/azurefirewalls). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for Firewalls (microsoft.network/azurefirewalls) to Storage\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Storage Account for Firewalls (microsoft.network/azurefirewalls). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Front Door and CDN profiles\r\n(microsoft.cdn/profiles) to Event Hub Resource logs should be enabled to track activities and events that take\r\nplace on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to an Event Hub for Front Door and CDN profiles\r\n(microsoft.cdn/profiles). DeployIfNotExists, AuditIfNotExists, Disabled 1.2.0 Enable logging by category group\r\nfor Front Door and CDN profiles (microsoft.cdn/profiles) to Log Analytics Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics\r\nworkspace for Front Door and CDN profiles (microsoft.cdn/profiles). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.1.0 Enable logging by category group for Front Door and CDN profiles (microsoft.cdn/profiles) to\r\nStorage Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Storage Account for Front Door and CDN profiles (microsoft.cdn/profiles).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by category group for Front Door and CDN\r\nprofiles (microsoft.network/frontdoors) to Event Hub Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to an Event Hub for Front Door and CDN\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 27 of 54\n\nprofiles (microsoft.network/frontdoors). DeployIfNotExists, AuditIfNotExists, Disabled 1.2.0 Enable logging by\r\ncategory group for Front Door and CDN profiles (microsoft.network/frontdoors) to Log Analytics Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for Front Door and CDN profiles (microsoft.network/frontdoors).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by category group for Front Door and CDN\r\nprofiles (microsoft.network/frontdoors) to Storage Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to a Storage Account for Front Door and CDN\r\nprofiles (microsoft.network/frontdoors). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by\r\ncategory group for Function App (microsoft.web/sites) to Log Analytics Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace\r\nfor Function App (microsoft.web/sites). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Host pool (microsoft.desktopvirtualization/hostpools) to Log Analytics Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log\r\nAnalytics workspace for Azure Virtual Desktop Host pool (microsoft.desktopvirtualization/hostpools).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Host pools\r\n(microsoft.desktopvirtualization/hostpools) to Event Hub Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to an Event Hub for Host pools\r\n(microsoft.desktopvirtualization/hostpools). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for Host pools (microsoft.desktopvirtualization/hostpools) to Log Analytics Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for Host pools (microsoft.desktopvirtualization/hostpools). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Host pools\r\n(microsoft.desktopvirtualization/hostpools) to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for Host pools\r\n(microsoft.desktopvirtualization/hostpools). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for HPC caches (microsoft.storagecache/caches) to Event Hub Resource logs should be enabled\r\nto track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor HPC caches (microsoft.storagecache/caches). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for HPC caches (microsoft.storagecache/caches) to Log Analytics Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for HPC caches (microsoft.storagecache/caches). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for HPC caches\r\n(microsoft.storagecache/caches) to Storage Resource logs should be enabled to track activities and events that take\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 28 of 54\n\nplace on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for HPC caches\r\n(microsoft.storagecache/caches). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category\r\ngroup for Integration accounts (microsoft.logic/integrationaccounts) to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor Integration accounts (microsoft.logic/integrationaccounts). DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for Integration accounts (microsoft.logic/integrationaccounts) to Log\r\nAnalytics Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Log Analytics workspace for Integration accounts (microsoft.logic/integrationaccounts).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Integration accounts\r\n(microsoft.logic/integrationaccounts) to Storage Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to a Storage Account for Integration accounts\r\n(microsoft.logic/integrationaccounts). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for IoT Hub (microsoft.devices/iothubs) to Event Hub Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for IoT Hub\r\n(microsoft.devices/iothubs). DeployIfNotExists, AuditIfNotExists, Disabled 1.2.0 Enable logging by category\r\ngroup for IoT Hub (microsoft.devices/iothubs) to Log Analytics Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace\r\nfor IoT Hub (microsoft.devices/iothubs). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by\r\ncategory group for IoT Hub (microsoft.devices/iothubs) to Storage Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for IoT\r\nHub (microsoft.devices/iothubs). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by category\r\ngroup for Key vaults (microsoft.keyvault/vaults) to Event Hub Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to an Event Hub for Key vaults\r\n(microsoft.keyvault/vaults). DeployIfNotExists, AuditIfNotExists, Disabled 1.2.0 Enable logging by category\r\ngroup for Key vaults (microsoft.keyvault/vaults) to Log Analytics Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace\r\nfor Key vaults (microsoft.keyvault/vaults). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging\r\nby category group for Key vaults (microsoft.keyvault/vaults) to Storage Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for Key\r\nvaults (microsoft.keyvault/vaults). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by\r\ncategory group for Live events (microsoft.media/mediaservices/liveevents) to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 29 of 54\n\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor Live events (microsoft.media/mediaservices/liveevents). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Live events (microsoft.media/mediaservices/liveevents) to Log Analytics\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Log Analytics workspace for Live events (microsoft.media/mediaservices/liveevents).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Live events\r\n(microsoft.media/mediaservices/liveevents) to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for Live events\r\n(microsoft.media/mediaservices/liveevents). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for Load balancers (microsoft.network/loadbalancers) to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor Load balancers (microsoft.network/loadbalancers). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Load balancers (microsoft.network/loadbalancers) to Log Analytics\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Log Analytics workspace for Load balancers (microsoft.network/loadbalancers).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Load balancers\r\n(microsoft.network/loadbalancers) to Storage Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for Load balancers\r\n(microsoft.network/loadbalancers). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Log Analytics workspaces (microsoft.operationalinsights/workspaces) to Event Hub Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for Log Analytics workspaces (microsoft.operationalinsights/workspaces). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.2.0 Enable logging by category group for Log Analytics workspaces\r\n(microsoft.operationalinsights/workspaces) to Log Analytics Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Log\r\nAnalytics workspaces (microsoft.operationalinsights/workspaces). DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.1.0 Enable logging by category group for Log Analytics workspaces (microsoft.operationalinsights/workspaces)\r\nto Storage Resource logs should be enabled to track activities and events that take place on your resources and\r\ngive you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to a Storage Account for Log Analytics workspaces\r\n(microsoft.operationalinsights/workspaces). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging\r\nby category group for Logic apps (microsoft.logic/workflows) to Event Hub Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for Logic\r\napps (microsoft.logic/workflows). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 30 of 54\n\ncategory group for Logic apps (microsoft.logic/workflows) to Log Analytics Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics\r\nworkspace for Logic apps (microsoft.logic/workflows). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Logic apps (microsoft.logic/workflows) to Storage Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage\r\nAccount for Logic apps (microsoft.logic/workflows). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Managed CCF Apps (microsoft.confidentialledger/managedccfs) to Event Hub\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to an Event Hub for Managed CCF Apps (microsoft.confidentialledger/managedccfs).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Managed CCF Apps\r\n(microsoft.confidentialledger/managedccfs) to Log Analytics Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for\r\nManaged CCF Apps (microsoft.confidentialledger/managedccfs). DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for Managed CCF Apps (microsoft.confidentialledger/managedccfs) to\r\nStorage Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Storage Account for Managed CCF Apps (microsoft.confidentialledger/managedccfs).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Managed databases\r\n(microsoft.sql/managedinstances/databases) to Event Hub Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to an Event Hub for Managed databases\r\n(microsoft.sql/managedinstances/databases). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for Managed databases (microsoft.sql/managedinstances/databases) to Log Analytics Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for Managed databases (microsoft.sql/managedinstances/databases).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Managed databases\r\n(microsoft.sql/managedinstances/databases) to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for Managed\r\ndatabases (microsoft.sql/managedinstances/databases). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Managed HSMs (microsoft.keyvault/managedhsms) to Event Hub Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for Managed HSMs (microsoft.keyvault/managedhsms). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.2.0 Enable logging by category group for Managed HSMs (microsoft.keyvault/managedhsms) to Log\r\nAnalytics Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 31 of 54\n\ngroup to route logs to a Log Analytics workspace for Managed HSMs (microsoft.keyvault/managedhsms).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by category group for Managed HSMs\r\n(microsoft.keyvault/managedhsms) to Storage Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for Managed HSMs\r\n(microsoft.keyvault/managedhsms). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by\r\ncategory group for Media Services (microsoft.media/mediaservices) to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor Media Services (microsoft.media/mediaservices). DeployIfNotExists, AuditIfNotExists, Disabled 1.2.0 Enable\r\nlogging by category group for Media Services (microsoft.media/mediaservices) to Log Analytics Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for Media Services (microsoft.media/mediaservices). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.1.0 Enable logging by category group for Media Services\r\n(microsoft.media/mediaservices) to Storage Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for Media Services\r\n(microsoft.media/mediaservices). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by\r\ncategory group for MedTech service (microsoft.healthcareapis/workspaces/iotconnectors) to Event Hub Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for MedTech service (microsoft.healthcareapis/workspaces/iotconnectors). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for MedTech service\r\n(microsoft.healthcareapis/workspaces/iotconnectors) to Log Analytics Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace\r\nfor MedTech service (microsoft.healthcareapis/workspaces/iotconnectors). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for MedTech service\r\n(microsoft.healthcareapis/workspaces/iotconnectors) to Storage Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for MedTech service\r\n(microsoft.healthcareapis/workspaces/iotconnectors). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Microsoft Purview accounts (microsoft.purview/accounts) to Event Hub Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for Microsoft Purview accounts (microsoft.purview/accounts). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.2.0 Enable logging by category group for Microsoft Purview accounts\r\n(microsoft.purview/accounts) to Log Analytics Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Log Analytics workspace for Microsoft Purview\r\naccounts (microsoft.purview/accounts). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 32 of 54\n\ncategory group for Microsoft Purview accounts (microsoft.purview/accounts) to Storage Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage\r\nAccount for Microsoft Purview accounts (microsoft.purview/accounts). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.1.0 Enable logging by category group for microsoft.autonomousdevelopmentplatform/workspaces to\r\nEvent Hub Resource logs should be enabled to track activities and events that take place on your resources and\r\ngive you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to an Event Hub for microsoft.autonomousdevelopmentplatform/workspaces.\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.autonomousdevelopmentplatform/workspaces to Log Analytics Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics\r\nworkspace for microsoft.autonomousdevelopmentplatform/workspaces. DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for microsoft.autonomousdevelopmentplatform/workspaces to\r\nStorage Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Storage Account for microsoft.autonomousdevelopmentplatform/workspaces.\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.azuresphere/catalogs to Event Hub Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to an Event Hub for microsoft.azuresphere/catalogs.\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.azuresphere/catalogs to Log Analytics Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for\r\nmicrosoft.azuresphere/catalogs. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category\r\ngroup for microsoft.azuresphere/catalogs to Storage Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nmicrosoft.azuresphere/catalogs. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category\r\ngroup for microsoft.cdn/cdnwebapplicationfirewallpolicies to Event Hub Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for\r\nmicrosoft.cdn/cdnwebapplicationfirewallpolicies. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.cdn/cdnwebapplicationfirewallpolicies to Log Analytics Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for microsoft.cdn/cdnwebapplicationfirewallpolicies. DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.cdn/cdnwebapplicationfirewallpolicies to Storage Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 33 of 54\n\nmicrosoft.cdn/cdnwebapplicationfirewallpolicies. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.classicnetwork/networksecuritygroups to Event Hub Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for microsoft.classicnetwork/networksecuritygroups. DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for microsoft.classicnetwork/networksecuritygroups to Log\r\nAnalytics Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Log Analytics workspace for microsoft.classicnetwork/networksecuritygroups.\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.classicnetwork/networksecuritygroups to Storage Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nmicrosoft.classicnetwork/networksecuritygroups. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.community/communitytrainings to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor microsoft.community/communitytrainings. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.community/communitytrainings to Log Analytics Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log\r\nAnalytics workspace for microsoft.community/communitytrainings. DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for microsoft.community/communitytrainings to Storage\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Storage Account for microsoft.community/communitytrainings. DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.connectedcache/enterprisemcccustomers to Event Hub Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for\r\nmicrosoft.connectedcache/enterprisemcccustomers. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.connectedcache/enterprisemcccustomers to Log Analytics Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for microsoft.connectedcache/enterprisemcccustomers. DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.connectedcache/enterprisemcccustomers to Storage Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nmicrosoft.connectedcache/enterprisemcccustomers. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.customproviders/resourceproviders to Event Hub Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 34 of 54\n\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event\r\nHub for microsoft.customproviders/resourceproviders. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for microsoft.customproviders/resourceproviders to Log Analytics Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for microsoft.customproviders/resourceproviders. DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.customproviders/resourceproviders to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nmicrosoft.customproviders/resourceproviders. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.d365customerinsights/instances to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor microsoft.d365customerinsights/instances. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.d365customerinsights/instances to Log Analytics Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log\r\nAnalytics workspace for microsoft.d365customerinsights/instances. DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for microsoft.d365customerinsights/instances to Storage\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Storage Account for microsoft.d365customerinsights/instances. DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for microsoft.dbformysql/flexibleservers to\r\nEvent Hub Resource logs should be enabled to track activities and events that take place on your resources and\r\ngive you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to an Event Hub for microsoft.dbformysql/flexibleservers. DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for microsoft.dbformysql/flexibleservers to\r\nLog Analytics Resource logs should be enabled to track activities and events that take place on your resources and\r\ngive you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to a Log Analytics workspace for microsoft.dbformysql/flexibleservers.\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.dbformysql/flexibleservers to Storage Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nmicrosoft.dbformysql/flexibleservers. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for microsoft.dbforpostgresql/flexibleservers to Event Hub Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for\r\nmicrosoft.dbforpostgresql/flexibleservers. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for microsoft.dbforpostgresql/flexibleservers to Log Analytics Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 35 of 54\n\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics\r\nworkspace for microsoft.dbforpostgresql/flexibleservers. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for microsoft.dbforpostgresql/flexibleservers to Storage Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage\r\nAccount for microsoft.dbforpostgresql/flexibleservers. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for microsoft.dbforpostgresql/servergroupsv2 to Event Hub Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for microsoft.dbforpostgresql/servergroupsv2. DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for microsoft.dbforpostgresql/servergroupsv2 to Log Analytics Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for microsoft.dbforpostgresql/servergroupsv2. DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for microsoft.dbforpostgresql/servergroupsv2\r\nto Storage Resource logs should be enabled to track activities and events that take place on your resources and\r\ngive you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to a Storage Account for microsoft.dbforpostgresql/servergroupsv2.\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.dbforpostgresql/servers to Event Hub Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to an Event Hub for microsoft.dbforpostgresql/servers.\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.dbforpostgresql/servers to Log Analytics Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for\r\nmicrosoft.dbforpostgresql/servers. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for microsoft.dbforpostgresql/servers to Storage Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nmicrosoft.dbforpostgresql/servers. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for microsoft.devices/provisioningservices to Event Hub Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for\r\nmicrosoft.devices/provisioningservices. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for microsoft.devices/provisioningservices to Log Analytics Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics\r\nworkspace for microsoft.devices/provisioningservices. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for microsoft.devices/provisioningservices to Storage Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 36 of 54\n\nAccount for microsoft.devices/provisioningservices. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.documentdb/cassandraclusters to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor microsoft.documentdb/cassandraclusters. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for microsoft.documentdb/cassandraclusters to Log Analytics Resource logs should be enabled\r\nto track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log\r\nAnalytics workspace for microsoft.documentdb/cassandraclusters. DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for microsoft.documentdb/cassandraclusters to Storage Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Storage Account for microsoft.documentdb/cassandraclusters. DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for microsoft.documentdb/mongoclusters to Event Hub Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for microsoft.documentdb/mongoclusters. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for microsoft.documentdb/mongoclusters to Log Analytics Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for microsoft.documentdb/mongoclusters. DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for microsoft.documentdb/mongoclusters to Storage Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Storage Account for microsoft.documentdb/mongoclusters. DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for microsoft.insights/autoscalesettings to Event Hub Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for microsoft.insights/autoscalesettings. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for microsoft.insights/autoscalesettings to Log Analytics Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log\r\nAnalytics workspace for microsoft.insights/autoscalesettings. DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for microsoft.insights/autoscalesettings to Storage Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage\r\nAccount for microsoft.insights/autoscalesettings. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.machinelearningservices/registries to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor microsoft.machinelearningservices/registries. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.machinelearningservices/registries to Log Analytics Resource logs should\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 37 of 54\n\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log\r\nAnalytics workspace for microsoft.machinelearningservices/registries. DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for microsoft.machinelearningservices/registries to Storage\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Storage Account for microsoft.machinelearningservices/registries. DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.machinelearningservices/workspaces/onlineendpoints to Event Hub Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for\r\nmicrosoft.machinelearningservices/workspaces/onlineendpoints. DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for microsoft.machinelearningservices/workspaces/onlineendpoints to\r\nLog Analytics Resource logs should be enabled to track activities and events that take place on your resources and\r\ngive you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to a Log Analytics workspace for\r\nmicrosoft.machinelearningservices/workspaces/onlineendpoints. DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for microsoft.machinelearningservices/workspaces/onlineendpoints to\r\nStorage Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Storage Account for microsoft.machinelearningservices/workspaces/onlineendpoints.\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.managednetworkfabric/networkdevices to Event Hub Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for\r\nmicrosoft.managednetworkfabric/networkdevices. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.managednetworkfabric/networkdevices to Log Analytics Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for microsoft.managednetworkfabric/networkdevices. DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.managednetworkfabric/networkdevices to Storage Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nmicrosoft.managednetworkfabric/networkdevices. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.network/dnsresolverpolicies to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor microsoft.network/dnsresolverpolicies. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for microsoft.network/dnsresolverpolicies to Log Analytics Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 38 of 54\n\nworkspace for microsoft.network/dnsresolverpolicies. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for microsoft.network/dnsresolverpolicies to Storage Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage\r\nAccount for microsoft.network/dnsresolverpolicies. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.network/networkmanagers/ipampools to Event Hub Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event\r\nHub for microsoft.network/networkmanagers/ipampools. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for microsoft.network/networkmanagers/ipampools to Log Analytics Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for microsoft.network/networkmanagers/ipampools. DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.network/networkmanagers/ipampools to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nmicrosoft.network/networkmanagers/ipampools. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.network/networksecurityperimeters to Event Hub Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event\r\nHub for microsoft.network/networksecurityperimeters. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for microsoft.network/networksecurityperimeters to Log Analytics Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for microsoft.network/networksecurityperimeters. DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.network/networksecurityperimeters to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nmicrosoft.network/networksecurityperimeters. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.network/p2svpngateways to Event Hub Resource logs should be enabled\r\nto track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor microsoft.network/p2svpngateways. DeployIfNotExists, AuditIfNotExists, Disabled 1.2.0 Enable logging by\r\ncategory group for microsoft.network/p2svpngateways to Log Analytics Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace\r\nfor microsoft.network/p2svpngateways. DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by\r\ncategory group for microsoft.network/p2svpngateways to Storage Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 39 of 54\n\nmicrosoft.network/p2svpngateways. DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by\r\ncategory group for microsoft.network/vpngateways to Event Hub Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for\r\nmicrosoft.network/vpngateways. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category\r\ngroup for microsoft.network/vpngateways to Log Analytics Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for\r\nmicrosoft.network/vpngateways. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category\r\ngroup for microsoft.network/vpngateways to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nmicrosoft.network/vpngateways. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category\r\ngroup for microsoft.networkanalytics/dataproducts to Event Hub Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for\r\nmicrosoft.networkanalytics/dataproducts. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for microsoft.networkanalytics/dataproducts to Log Analytics Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics\r\nworkspace for microsoft.networkanalytics/dataproducts. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for microsoft.networkanalytics/dataproducts to Storage Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage\r\nAccount for microsoft.networkanalytics/dataproducts. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for microsoft.networkcloud/baremetalmachines to Event Hub Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for microsoft.networkcloud/baremetalmachines. DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for microsoft.networkcloud/baremetalmachines to Log Analytics\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Log Analytics workspace for microsoft.networkcloud/baremetalmachines. DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.networkcloud/baremetalmachines to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nmicrosoft.networkcloud/baremetalmachines. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for microsoft.networkcloud/clusters to Event Hub Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for\r\nmicrosoft.networkcloud/clusters. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 40 of 54\n\ngroup for microsoft.networkcloud/clusters to Log Analytics Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for\r\nmicrosoft.networkcloud/clusters. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category\r\ngroup for microsoft.networkcloud/clusters to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nmicrosoft.networkcloud/clusters. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category\r\ngroup for microsoft.networkcloud/storageappliances to Event Hub Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for\r\nmicrosoft.networkcloud/storageappliances. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for microsoft.networkcloud/storageappliances to Log Analytics Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log\r\nAnalytics workspace for microsoft.networkcloud/storageappliances. DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for microsoft.networkcloud/storageappliances to Storage\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Storage Account for microsoft.networkcloud/storageappliances. DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.networkfunction/azuretrafficcollectors to Event Hub Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to an Event Hub for\r\nmicrosoft.networkfunction/azuretrafficcollectors. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.networkfunction/azuretrafficcollectors to Log Analytics Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for microsoft.networkfunction/azuretrafficcollectors. DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.networkfunction/azuretrafficcollectors to Storage Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nmicrosoft.networkfunction/azuretrafficcollectors. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.notificationhubs/namespaces/notificationhubs to Event Hub Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for microsoft.notificationhubs/namespaces/notificationhubs. DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.notificationhubs/namespaces/notificationhubs to Log Analytics Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 41 of 54\n\nworkspace for microsoft.notificationhubs/namespaces/notificationhubs. DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for microsoft.notificationhubs/namespaces/notificationhubs to\r\nStorage Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Storage Account for microsoft.notificationhubs/namespaces/notificationhubs.\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.openenergyplatform/energyservices to Event Hub Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to an Event Hub for\r\nmicrosoft.openenergyplatform/energyservices. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.openenergyplatform/energyservices to Log Analytics Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for microsoft.openenergyplatform/energyservices. DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.openenergyplatform/energyservices to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nmicrosoft.openenergyplatform/energyservices. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.powerbi/tenants/workspaces to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor microsoft.powerbi/tenants/workspaces. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for microsoft.powerbi/tenants/workspaces to Log Analytics Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics\r\nworkspace for microsoft.powerbi/tenants/workspaces. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for microsoft.powerbi/tenants/workspaces to Storage Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage\r\nAccount for microsoft.powerbi/tenants/workspaces. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.servicenetworking/trafficcontrollers to Event Hub Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event\r\nHub for microsoft.servicenetworking/trafficcontrollers. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for microsoft.servicenetworking/trafficcontrollers to Log Analytics Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for microsoft.servicenetworking/trafficcontrollers. DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.servicenetworking/trafficcontrollers to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 42 of 54\n\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nmicrosoft.servicenetworking/trafficcontrollers. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.synapse/workspaces/kustopools to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor microsoft.synapse/workspaces/kustopools. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.synapse/workspaces/kustopools to Log Analytics Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log\r\nAnalytics workspace for microsoft.synapse/workspaces/kustopools. DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for microsoft.synapse/workspaces/kustopools to Storage\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Storage Account for microsoft.synapse/workspaces/kustopools. DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for microsoft.timeseriesinsights/environments\r\nto Event Hub Resource logs should be enabled to track activities and events that take place on your resources and\r\ngive you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to an Event Hub for microsoft.timeseriesinsights/environments. DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for microsoft.timeseriesinsights/environments\r\nto Log Analytics Resource logs should be enabled to track activities and events that take place on your resources\r\nand give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to a Log Analytics workspace for microsoft.timeseriesinsights/environments.\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.timeseriesinsights/environments to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nmicrosoft.timeseriesinsights/environments. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for microsoft.timeseriesinsights/environments/eventsources to Event Hub Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event\r\nHub for microsoft.timeseriesinsights/environments/eventsources. DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for microsoft.timeseriesinsights/environments/eventsources to Log\r\nAnalytics Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Log Analytics workspace for microsoft.timeseriesinsights/environments/eventsources.\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for\r\nmicrosoft.timeseriesinsights/environments/eventsources to Storage Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nmicrosoft.timeseriesinsights/environments/eventsources. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for microsoft.workloads/sapvirtualinstances to Event Hub Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 43 of 54\n\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event\r\nHub for microsoft.workloads/sapvirtualinstances. DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for microsoft.workloads/sapvirtualinstances to Log Analytics Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log\r\nAnalytics workspace for microsoft.workloads/sapvirtualinstances. DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for microsoft.workloads/sapvirtualinstances to Storage Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Storage Account for microsoft.workloads/sapvirtualinstances. DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for Network Managers (microsoft.network/networkmanagers) to Event\r\nHub Resource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to an Event Hub for Network Managers (microsoft.network/networkmanagers). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Network Managers\r\n(microsoft.network/networkmanagers) to Log Analytics Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Network\r\nManagers (microsoft.network/networkmanagers). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Network Managers (microsoft.network/networkmanagers) to Storage Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Storage Account for Network Managers (microsoft.network/networkmanagers). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Network security groups\r\n(microsoft.network/networksecuritygroups) to Event Hub Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to an Event Hub for Network security\r\ngroups (microsoft.network/networksecuritygroups). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Network security groups (microsoft.network/networksecuritygroups) to Log\r\nAnalytics Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Log Analytics workspace for Network security groups\r\n(microsoft.network/networksecuritygroups). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for Network security groups (microsoft.network/networksecuritygroups) to Storage Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Storage Account for Network security groups (microsoft.network/networksecuritygroups).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Notification Hub\r\nNamespaces (microsoft.notificationhubs/namespaces) to Event Hub Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for\r\nNotification Hub Namespaces (microsoft.notificationhubs/namespaces). DeployIfNotExists, AuditIfNotExists,\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 44 of 54\n\nDisabled 1.0.0 Enable logging by category group for Notification Hub Namespaces\r\n(microsoft.notificationhubs/namespaces) to Log Analytics Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for\r\nNotification Hub Namespaces (microsoft.notificationhubs/namespaces). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for Notification Hub Namespaces\r\n(microsoft.notificationhubs/namespaces) to Storage Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to a Storage Account for Notification Hub\r\nNamespaces (microsoft.notificationhubs/namespaces). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Playwright Testing (microsoft.azureplaywrightservice/accounts) to Event\r\nHub Resource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to an Event Hub for Playwright Testing (microsoft.azureplaywrightservice/accounts).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Playwright Testing\r\n(microsoft.azureplaywrightservice/accounts) to Log Analytics Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for\r\nPlaywright Testing (microsoft.azureplaywrightservice/accounts). DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.0.0 Enable logging by category group for Playwright Testing (microsoft.azureplaywrightservice/accounts) to\r\nStorage Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Storage Account for Playwright Testing (microsoft.azureplaywrightservice/accounts).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for PostgreSQL flexible\r\nserver (microsoft.dbforpostgresql/flexibleservers) to Log Analytics Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace\r\nfor Azure Database for PostgreSQL flexible server (microsoft.dbforpostgresql/flexibleservers).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Power BI Embedded\r\n(microsoft.powerbidedicated/capacities) to Event Hub Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to an Event Hub for Power BI Embedded\r\n(microsoft.powerbidedicated/capacities). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Power BI Embedded (microsoft.powerbidedicated/capacities) to Log Analytics Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for Power BI Embedded (microsoft.powerbidedicated/capacities).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Power BI Embedded\r\n(microsoft.powerbidedicated/capacities) to Storage Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to a Storage Account for Power BI Embedded\r\n(microsoft.powerbidedicated/capacities). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 45 of 54\n\ncategory group for Public IP addresses (microsoft.network/publicipaddresses) to Event Hub Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event\r\nHub for Public IP addresses (microsoft.network/publicipaddresses). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.2.0 Enable logging by category group for Public IP addresses (microsoft.network/publicipaddresses) to\r\nLog Analytics Resource logs should be enabled to track activities and events that take place on your resources and\r\ngive you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to a Log Analytics workspace for Public IP addresses\r\n(microsoft.network/publicipaddresses). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by\r\ncategory group for Public IP addresses (microsoft.network/publicipaddresses) to Storage Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage\r\nAccount for Public IP addresses (microsoft.network/publicipaddresses). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.1.0 Enable logging by category group for Public IP Prefixes (microsoft.network/publicipprefixes) to\r\nEvent Hub Resource logs should be enabled to track activities and events that take place on your resources and\r\ngive you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to an Event Hub for Public IP Prefixes (microsoft.network/publicipprefixes).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Public IP Prefixes\r\n(microsoft.network/publicipprefixes) to Log Analytics Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Public IP\r\nPrefixes (microsoft.network/publicipprefixes). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Public IP Prefixes (microsoft.network/publicipprefixes) to Storage Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Storage Account for Public IP Prefixes (microsoft.network/publicipprefixes). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Recovery Services vaults\r\n(microsoft.recoveryservices/vaults) to Event Hub Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to an Event Hub for Recovery Services vaults\r\n(microsoft.recoveryservices/vaults). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Recovery Services vaults (microsoft.recoveryservices/vaults) to Log Analytics Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for Recovery Services vaults (microsoft.recoveryservices/vaults).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Recovery Services\r\nvaults (microsoft.recoveryservices/vaults) to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for Recovery\r\nServices vaults (microsoft.recoveryservices/vaults). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Relays (microsoft.relay/namespaces) to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 46 of 54\n\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor Relays (microsoft.relay/namespaces). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Relays (microsoft.relay/namespaces) to Log Analytics Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics\r\nworkspace for Relays (microsoft.relay/namespaces). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Relays (microsoft.relay/namespaces) to Storage Resource logs should be enabled to\r\ntrack activities and events that take place on your resources and give you visibility and insights into any changes\r\nthat occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nRelays (microsoft.relay/namespaces). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Scaling plans (microsoft.desktopvirtualization/scalingplans) to Event Hub Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for Scaling plans (microsoft.desktopvirtualization/scalingplans). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Scaling plans\r\n(microsoft.desktopvirtualization/scalingplans) to Log Analytics Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Scaling\r\nplans (microsoft.desktopvirtualization/scalingplans). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Scaling plans (microsoft.desktopvirtualization/scalingplans) to Storage Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Storage Account for Scaling plans (microsoft.desktopvirtualization/scalingplans). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for SCOPE pools\r\n(microsoft.synapse/workspaces/scopepools) to Event Hub Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to an Event Hub for SCOPE pools\r\n(microsoft.synapse/workspaces/scopepools). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for SCOPE pools (microsoft.synapse/workspaces/scopepools) to Log Analytics Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for SCOPE pools (microsoft.synapse/workspaces/scopepools). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for SCOPE pools\r\n(microsoft.synapse/workspaces/scopepools) to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for SCOPE pools\r\n(microsoft.synapse/workspaces/scopepools). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for Search services (microsoft.search/searchservices) to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor Search services (microsoft.search/searchservices). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0\r\nEnable logging by category group for Search services (microsoft.search/searchservices) to Log Analytics\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 47 of 54\n\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Log Analytics workspace for Search services (microsoft.search/searchservices).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Search services\r\n(microsoft.search/searchservices) to Storage Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for Search services\r\n(microsoft.search/searchservices). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by\r\ncategory group for Service Bus Namespaces (microsoft.servicebus/namespaces) to Event Hub Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for Service Bus Namespaces (microsoft.servicebus/namespaces). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.2.0 Enable logging by category group for Service Bus Namespaces\r\n(microsoft.servicebus/namespaces) to Log Analytics Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Service\r\nBus Namespaces (microsoft.servicebus/namespaces). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable\r\nlogging by category group for Service Bus Namespaces (microsoft.servicebus/namespaces) to Storage Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Storage Account for Service Bus Namespaces (microsoft.servicebus/namespaces). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.1.0 Enable logging by category group for SignalR (microsoft.signalrservice/signalr)\r\nto Event Hub Resource logs should be enabled to track activities and events that take place on your resources and\r\ngive you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to an Event Hub for SignalR (microsoft.signalrservice/signalr). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.2.0 Enable logging by category group for SignalR (microsoft.signalrservice/signalr)\r\nto Log Analytics Resource logs should be enabled to track activities and events that take place on your resources\r\nand give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to a Log Analytics workspace for SignalR (microsoft.signalrservice/signalr).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by category group for SignalR\r\n(microsoft.signalrservice/signalr) to Storage Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for SignalR\r\n(microsoft.signalrservice/signalr). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by\r\ncategory group for SQL databases (microsoft.sql/servers/databases) to Event Hub Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub\r\nfor SQL databases (microsoft.sql/servers/databases). DeployIfNotExists, AuditIfNotExists, Disabled 1.2.0 Enable\r\nlogging by category group for SQL databases (microsoft.sql/servers/databases) to Log Analytics Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for SQL databases (microsoft.sql/servers/databases). DeployIfNotExists,\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 48 of 54\n\nAuditIfNotExists, Disabled 1.1.0 Enable logging by category group for SQL databases\r\n(microsoft.sql/servers/databases) to Storage Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for SQL databases\r\n(microsoft.sql/servers/databases). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by\r\ncategory group for SQL managed instances (microsoft.sql/managedinstances) to Event Hub Resource logs should\r\nbe enabled to track activities and events that take place on your resources and give you visibility and insights into\r\nany changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event\r\nHub for SQL managed instances (microsoft.sql/managedinstances). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.2.0 Enable logging by category group for SQL managed instances (microsoft.sql/managedinstances) to\r\nLog Analytics Resource logs should be enabled to track activities and events that take place on your resources and\r\ngive you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to a Log Analytics workspace for SQL managed instances\r\n(microsoft.sql/managedinstances). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by\r\ncategory group for SQL managed instances (microsoft.sql/managedinstances) to Storage Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage\r\nAccount for SQL managed instances (microsoft.sql/managedinstances). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.1.0 Enable logging by category group for Storage movers (microsoft.storagemover/storagemovers) to\r\nEvent Hub Resource logs should be enabled to track activities and events that take place on your resources and\r\ngive you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a\r\ncategory group to route logs to an Event Hub for Storage movers (microsoft.storagemover/storagemovers).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Storage movers\r\n(microsoft.storagemover/storagemovers) to Log Analytics Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Storage\r\nmovers (microsoft.storagemover/storagemovers). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Storage movers (microsoft.storagemover/storagemovers) to Storage Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Storage Account for Storage movers (microsoft.storagemover/storagemovers). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Stream Analytics jobs\r\n(microsoft.streamanalytics/streamingjobs) to Event Hub Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to an Event Hub for Stream Analytics jobs\r\n(microsoft.streamanalytics/streamingjobs). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for Stream Analytics jobs (microsoft.streamanalytics/streamingjobs) to Log Analytics Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for Stream Analytics jobs (microsoft.streamanalytics/streamingjobs).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Stream Analytics jobs\r\n(microsoft.streamanalytics/streamingjobs) to Storage Resource logs should be enabled to track activities and\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 49 of 54\n\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for Stream Analytics\r\njobs (microsoft.streamanalytics/streamingjobs). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Streaming Endpoints (microsoft.media/mediaservices/streamingendpoints) to Event\r\nHub Resource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to an Event Hub for Streaming Endpoints (microsoft.media/mediaservices/streamingendpoints).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Streaming Endpoints\r\n(microsoft.media/mediaservices/streamingendpoints) to Log Analytics Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace\r\nfor Streaming Endpoints (microsoft.media/mediaservices/streamingendpoints). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Streaming Endpoints\r\n(microsoft.media/mediaservices/streamingendpoints) to Storage Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for\r\nStreaming Endpoints (microsoft.media/mediaservices/streamingendpoints). DeployIfNotExists, AuditIfNotExists,\r\nDisabled 1.0.0 Enable logging by category group for Traffic Manager profiles\r\n(microsoft.network/trafficmanagerprofiles) to Event Hub Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to an Event Hub for Traffic Manager\r\nprofiles (microsoft.network/trafficmanagerprofiles). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Traffic Manager profiles (microsoft.network/trafficmanagerprofiles) to Log\r\nAnalytics Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Log Analytics workspace for Traffic Manager profiles\r\n(microsoft.network/trafficmanagerprofiles). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging\r\nby category group for Traffic Manager profiles (microsoft.network/trafficmanagerprofiles) to Storage Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Storage Account for Traffic Manager profiles (microsoft.network/trafficmanagerprofiles). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Video Analyzers\r\n(microsoft.media/videoanalyzers) to Event Hub Resource logs should be enabled to track activities and events that\r\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to an Event Hub for Video Analyzers\r\n(microsoft.media/videoanalyzers). DeployIfNotExists, AuditIfNotExists, Disabled 1.2.0 Enable logging by\r\ncategory group for Video Analyzers (microsoft.media/videoanalyzers) to Log Analytics Resource logs should be\r\nenabled to track activities and events that take place on your resources and give you visibility and insights into any\r\nchanges that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log\r\nAnalytics workspace for Video Analyzers (microsoft.media/videoanalyzers). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.1.0 Enable logging by category group for Video Analyzers\r\n(microsoft.media/videoanalyzers) to Storage Resource logs should be enabled to track activities and events that\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 50 of 54\n\ntake place on your resources and give you visibility and insights into any changes that occur. This policy deploys a\r\ndiagnostic setting using a category group to route logs to a Storage Account for Video Analyzers\r\n(microsoft.media/videoanalyzers). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by\r\ncategory group for Virtual network gateways (microsoft.network/virtualnetworkgateways) to Event Hub Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto an Event Hub for Virtual network gateways (microsoft.network/virtualnetworkgateways). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.2.0 Enable logging by category group for Virtual network gateways\r\n(microsoft.network/virtualnetworkgateways) to Log Analytics Resource logs should be enabled to track activities\r\nand events that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Virtual\r\nnetwork gateways (microsoft.network/virtualnetworkgateways). DeployIfNotExists, AuditIfNotExists, Disabled\r\n1.1.0 Enable logging by category group for Virtual network gateways\r\n(microsoft.network/virtualnetworkgateways) to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for Virtual network\r\ngateways (microsoft.network/virtualnetworkgateways). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0\r\nEnable logging by category group for Virtual networks (microsoft.network/virtualnetworks) to Event Hub\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to an Event Hub for Virtual networks (microsoft.network/virtualnetworks). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Virtual networks\r\n(microsoft.network/virtualnetworks) to Log Analytics Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Virtual\r\nnetworks (microsoft.network/virtualnetworks). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Virtual networks (microsoft.network/virtualnetworks) to Storage Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Storage Account for Virtual networks (microsoft.network/virtualnetworks). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Volumes\r\n(microsoft.netapp/netappaccounts/capacitypools/volumes) to Event Hub Resource logs should be enabled to track\r\nactivities and events that take place on your resources and give you visibility and insights into any changes that\r\noccur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for Volumes\r\n(microsoft.netapp/netappaccounts/capacitypools/volumes). DeployIfNotExists, AuditIfNotExists, Disabled 1.2.0\r\nEnable logging by category group for Volumes (microsoft.netapp/netappaccounts/capacitypools/volumes) to Log\r\nAnalytics Resource logs should be enabled to track activities and events that take place on your resources and give\r\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Log Analytics workspace for Volumes\r\n(microsoft.netapp/netappaccounts/capacitypools/volumes). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0\r\nEnable logging by category group for Volumes (microsoft.netapp/netappaccounts/capacitypools/volumes) to\r\nStorage Resource logs should be enabled to track activities and events that take place on your resources and give\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 51 of 54\n\nyou visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category\r\ngroup to route logs to a Storage Account for Volumes (microsoft.netapp/netappaccounts/capacitypools/volumes).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by category group for Web PubSub Service\r\n(microsoft.signalrservice/webpubsub) to Event Hub Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to an Event Hub for Web PubSub Service\r\n(microsoft.signalrservice/webpubsub). DeployIfNotExists, AuditIfNotExists, Disabled 1.2.0 Enable logging by\r\ncategory group for Web PubSub Service (microsoft.signalrservice/webpubsub) to Log Analytics Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for Web PubSub Service (microsoft.signalrservice/webpubsub). DeployIfNotExists,\r\nAuditIfNotExists, Disabled 1.1.0 Enable logging by category group for Web PubSub Service\r\n(microsoft.signalrservice/webpubsub) to Storage Resource logs should be enabled to track activities and events\r\nthat take place on your resources and give you visibility and insights into any changes that occur. This policy\r\ndeploys a diagnostic setting using a category group to route logs to a Storage Account for Web PubSub Service\r\n(microsoft.signalrservice/webpubsub). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0 Enable logging by\r\ncategory group for Workspace (microsoft.desktopvirtualization/workspaces) to Log Analytics Resource logs\r\nshould be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs\r\nto a Log Analytics workspace for Azure Virtual Desktop Workspace (microsoft.desktopvirtualization/workspaces).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Workspaces\r\n(microsoft.desktopvirtualization/workspaces) to Event Hub Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to an Event Hub for Workspaces\r\n(microsoft.desktopvirtualization/workspaces). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable\r\nlogging by category group for Workspaces (microsoft.desktopvirtualization/workspaces) to Log Analytics\r\nResource logs should be enabled to track activities and events that take place on your resources and give you\r\nvisibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group\r\nto route logs to a Log Analytics workspace for Workspaces (microsoft.desktopvirtualization/workspaces).\r\nDeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Enable logging by category group for Workspaces\r\n(microsoft.desktopvirtualization/workspaces) to Storage Resource logs should be enabled to track activities and\r\nevents that take place on your resources and give you visibility and insights into any changes that occur. This\r\npolicy deploys a diagnostic setting using a category group to route logs to a Storage Account for Workspaces\r\n(microsoft.desktopvirtualization/workspaces). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0 Linux Arc-enabled machines should have Azure Monitor Agent installed Linux Arc-enabled machines should be monitored\r\nand secured through the deployed Azure Monitor Agent. The Azure Monitor Agent collects telemetry data from\r\nthe guest OS. This policy will audit Arc-enabled machines in supported regions. Learn more:\r\nhttps://aka.ms/AMAOverview. AuditIfNotExists, Disabled 1.2.0 Linux virtual machine scale sets should have\r\nAzure Monitor Agent installed Linux virtual machine scale sets should be monitored and secured through the\r\ndeployed Azure Monitor Agent. The Azure Monitor Agent collects telemetry data from the guest OS. This policy\r\nwill audit virtual machine scale sets with supported OS images in supported regions. Learn more:\r\nhttps://aka.ms/AMAOverview. AuditIfNotExists, Disabled 3.6.0 Linux virtual machines should have Azure\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 52 of 54\n\nMonitor Agent installed Linux virtual machines should be monitored and secured through the deployed Azure\r\nMonitor Agent. The Azure Monitor Agent collects telemetry data from the guest OS. This policy will audit virtual\r\nmachines with supported OS images in supported regions. Learn more: https://aka.ms/AMAOverview.\r\nAuditIfNotExists, Disabled 3.6.0 Log Analytics workspaces should block log ingestion and querying from public\r\nnetworks Improve workspace security by blocking log ingestion and querying from public networks. Only private-link connected networks will be able to ingest and query logs on this workspace. Learn more at\r\nhttps://aka.ms/AzMonPrivateLink#configure-log-analytics. audit, Audit, deny, Deny, disabled, Disabled 1.1.0 Log\r\nAnalytics Workspaces should block non-Azure Active Directory based ingestion. Enforcing log ingestion to\r\nrequire Azure Active Directory authentication prevents unauthenticated logs from an attacker which could lead to\r\nincorrect status, false alerts, and incorrect logs stored in the system. Deny, Audit, Disabled 1.0.0 Public IP\r\naddresses should have resource logs enabled for Azure DDoS Protection Enable resource logs for public IP\r\naddressess in diagnostic settings to stream to a Log Analytics workspace. Get detailed visibility into attack traffic\r\nand actions taken to mitigate DDoS attacks via notifications, reports and flow logs. AuditIfNotExists,\r\nDeployIfNotExists, Disabled 1.0.1 Resource logs should be enabled for Audit on supported resources Resource\r\nlogs should be enabled to track activities and events that take place on your resources and give you visibility and\r\ninsights into any changes that occur. The existence of a diagnostic setting for category group Audit on the selected\r\nresource types ensures that these logs are enabled and captured. Applicable resource types are those that support\r\nthe \"Audit\" category group. AuditIfNotExists, Disabled 1.0.0 Saved-queries in Azure Monitor should be saved in\r\ncustomer storage account for logs encryption Link storage account to Log Analytics workspace to protect saved-queries with storage account encryption. Customer-managed keys are commonly required to meet regulatory\r\ncompliance and for more control over the access to your saved-queries in Azure Monitor. For more details on the\r\nabove, see https://docs.microsoft.com/azure/azure-monitor/platform/customer-managed-keys?\r\ntabs=portal#customer-managed-key-for-saved-queries. audit, Audit, deny, Deny, disabled, Disabled 1.1.0 Storage\r\naccount containing the container with activity logs must be encrypted with BYOK This policy audits if the\r\nStorage account containing the container with activity logs is encrypted with BYOK. The policy works only if the\r\nstorage account lies on the same subscription as activity logs by design. More information on Azure Storage\r\nencryption at rest can be found here https://aka.ms/azurestoragebyok. AuditIfNotExists, Disabled 1.0.0 The legacy\r\nLog Analytics extension should not be installed on Azure Arc enabled Linux servers Automatically prevent\r\ninstallation of the legacy Log Analytics Agent as the final step of migrating from legacy agents to Azure Monitor\r\nAgent. After you have uninstalled existing legacy extensions, this policy will deny all future installations of the\r\nlegacy agent extension on Azure Arc enabled Linux servers. Learn more: https://aka.ms/migratetoAMA Deny,\r\nAudit, Disabled 1.0.0 The legacy Log Analytics extension should not be installed on Azure Arc enabled Windows\r\nservers Automatically prevent installation of the legacy Log Analytics Agent as the final step of migrating from\r\nlegacy agents to Azure Monitor Agent. After you have uninstalled existing legacy extensions, this policy will deny\r\nall future installations of the legacy agent extension on Azure Arc enabled Windows servers. Learn more:\r\nhttps://aka.ms/migratetoAMA Deny, Audit, Disabled 1.0.0 The legacy Log Analytics extension should not be\r\ninstalled on Linux virtual machine scale sets Automatically prevent installation of the legacy Log Analytics Agent\r\nas the final step of migrating from legacy agents to Azure Monitor Agent. After you have uninstalled existing\r\nlegacy extensions, this policy will deny all future installations of the legacy agent extension on Linux virtual\r\nmachine scale sets. Learn more: https://aka.ms/migratetoAMA Deny, Audit, Disabled 1.0.0 The legacy Log\r\nAnalytics extension should not be installed on Linux virtual machines Automatically prevent installation of the\r\nlegacy Log Analytics Agent as the final step of migrating from legacy agents to Azure Monitor Agent. After you\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 53 of 54\n\nhave uninstalled existing legacy extensions, this policy will deny all future installations of the legacy agent\r\nextension on Linux virtual machines. Learn more: https://aka.ms/migratetoAMA Deny, Audit, Disabled 1.0.0 The\r\nlegacy Log Analytics extension should not be installed on virtual machine scale sets Automatically prevent\r\ninstallation of the legacy Log Analytics Agent as the final step of migrating from legacy agents to Azure Monitor\r\nAgent. After you have uninstalled existing legacy extensions, this policy will deny all future installations of the\r\nlegacy agent extension on Windows virtual machine scale sets. Learn more: https://aka.ms/migratetoAMA Deny,\r\nAudit, Disabled 1.0.0 The legacy Log Analytics extension should not be installed on virtual machines\r\nAutomatically prevent installation of the legacy Log Analytics Agent as the final step of migrating from legacy\r\nagents to Azure Monitor Agent. After you have uninstalled existing legacy extensions, this policy will deny all\r\nfuture installations of the legacy agent extension on Windows virtual machines. Learn more:\r\nhttps://aka.ms/migratetoAMA Deny, Audit, Disabled 1.0.0 Windows Arc-enabled machines should have Azure\r\nMonitor Agent installed Windows Arc-enabled machines should be monitored and secured through the deployed\r\nAzure Monitor Agent. The Azure Monitor Agent collects telemetry data from the guest OS. Windows Arc-enabled\r\nmachines in supported regions are monitored for Azure Monitor Agent deployment. Learn more:\r\nhttps://aka.ms/AMAOverview. AuditIfNotExists, Disabled 1.4.0 Windows virtual machine scale sets should have\r\nAzure Monitor Agent installed Windows virtual machine scale sets should be monitored and secured through the\r\ndeployed Azure Monitor Agent. The Azure Monitor Agent collects telemetry data from the guest OS. Virtual\r\nmachine scale sets with supported OS and in supported regions are monitored for Azure Monitor Agent\r\ndeployment. Learn more: https://aka.ms/AMAOverview. AuditIfNotExists, Disabled 3.5.0 Windows virtual\r\nmachines should have Azure Monitor Agent installed Windows virtual machines should be monitored and secured\r\nthrough the deployed Azure Monitor Agent. The Azure Monitor Agent collects telemetry data from the guest OS.\r\nWindows virtual machines with supported OS and in supported regions are monitored for Azure Monitor Agent\r\ndeployment. Learn more: https://aka.ms/AMAOverview. AuditIfNotExists, Disabled 3.5.0 Workbooks should be\r\nsaved to storage accounts that you control With bring your own storage (BYOS), your workbooks are uploaded\r\ninto a storage account that you control. That means you control the encryption-at-rest policy, the lifetime\r\nmanagement policy, and network access. You will, however, be responsible for the costs associated with that\r\nstorage account. For more information, visit https://aka.ms/workbooksByos deny, Deny, audit, Audit, disabled,\r\nDisabled 1.1.0\r\nSource: https://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nhttps://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute\r\nPage 54 of 54",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute"
	],
	"report_names": [
		"built-in-policies#compute"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775438958,
	"ts_updated_at": 1775826772,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d4a93409f14d9428d9722a77ecf3275a07321b96.pdf",
		"text": "https://archive.orkl.eu/d4a93409f14d9428d9722a77ecf3275a07321b96.txt",
		"img": "https://archive.orkl.eu/d4a93409f14d9428d9722a77ecf3275a07321b96.jpg"
	}
}