Azure Policy Compliance state showing as Non-compliant for Configure diagnostic settings for Storage Accounts to Log Analytics workspace Policy

Mallaiah S 0 Reputation points
2023-07-01T21:08:03.9333333+00:00


Using a Terraform script and passing the parameter values (Log Analytics), it is also showing as Non-compliant. We are not allowed to create a remediation task to make it Compliant by any script.

Azure Policy

1 answer

  1. alta94 2,191 Reputation points
    2023-07-01T23:02:47.23+00:00

    Hi Mallaiah S

    Overview: It's a security policy that sends diagnostic logs to Log Analytics in your Azure. Basically, this doesn't affect operation; it only affects compliance.

    1. Can you first check: does that storage account really exist in your Azure?

    The compliance reason is "NOT FOUND"; maybe someone created it and deleted it after some time. If that is the case, then it will soon start showing in a compliant state.

    2. If you want to make it compliant: go to the storage account, search in the left pane for "DIAGNOSTIC SETTINGS", create the diagnostic setting manually and set the Log Analytics workspace as per the policy definition. Refer to the snapshot for help.

    Note: attach the correct Log Analytics workspace as mentioned in the policy definition, otherwise it won't work.


    Step 2 is a workaround, since you said you don't have the remediation option and want to make it compliant. Once you have added the correct diagnostic setting, you need to wait for the policy to re-evaluate the value (which typically happens every 12 hours).

    Step 3: If the diagnostic setting already existed and is set to the correct Log Analytics workspace but you are still getting non-compliant, then check whether the name of the diagnostic setting is the same as mentioned in the policy, since you will be creating it manually.

    Search your policy definition for this detail, "default value: storageaccount diagnosticxxxxxx"; in this way your diagnostic setting name should be storageAccountsDiagnosticsLogsxxxxxx. Hope you understood the example.

      "diagnosticsSettingNameToUse": {
        "type": "String",
        "metadata": {
          "displayName": "Setting name",
          "description": "Name of the diagnostic settings."
        },
        "defaultValue": "storageAccountsDiagnosticsLogxxxxxx"
      }


    --- If you find this helpful, please accept the answer ---

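The three checks the answer walks through (does a diagnostic setting exist at all, does it carry the name from the policy's `diagnosticsSettingNameToUse` parameter, and does it point at the workspace the policy assignment names) can be scripted against the output of `az monitor diagnostic-settings list --resource <storage-account-id>`. The following is an added example, not code from the question or the answer; the subscription, resource group and workspace IDs are constructed placeholders, and the sample input is shaped like the CLI's JSON output rather than taken from a real tenant.

```python
import json

# Constructed placeholder values (not real resources). EXPECTED_NAME is the
# policy's diagnosticsSettingNameToUse default quoted in the answer above.
EXPECTED_NAME = "storageAccountsDiagnosticsLogxxxxxx"
EXPECTED_WORKSPACE = (
    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-logs"
    "/providers/Microsoft.OperationalInsights/workspaces/law-central"
)
OTHER_WORKSPACE = EXPECTED_WORKSPACE.replace("law-central", "law-other")

# Constructed sample shaped like `az monitor diagnostic-settings list --resource <id>`:
# a manually created setting with the right workspace but the wrong name, plus one
# with the policy's name but pointing at a different workspace.
SAMPLE_SETTINGS = json.dumps([
    {"name": "manual-diag", "workspaceId": EXPECTED_WORKSPACE},
    {"name": EXPECTED_NAME, "workspaceId": OTHER_WORKSPACE},
])


def load_settings(raw):
    """Accept the bare list or the {"value": [...]} wrapper some CLI versions return."""
    data = json.loads(raw)
    if isinstance(data, dict):
        data = data.get("value", [])
    return data


def workspace_of(setting):
    """The CLI flattens properties; the raw REST/ARM shape nests them under 'properties'."""
    return setting.get("workspaceId") or setting.get("properties", {}).get("workspaceId")


def compliance_reasons(raw_settings, expected_name, expected_workspace):
    """Return [] when the resource would be compliant, else the reasons it is not.

    Checks, in the order the answer suggests: a setting exists, one carries the
    policy's setting name, and that one points at the policy's workspace.
    Resource IDs are compared case-insensitively, as Azure treats them.
    """
    settings = load_settings(raw_settings)
    if not settings:
        return ["no diagnostic setting exists on the resource"]
    by_name = {s["name"]: s for s in settings}
    if expected_name not in by_name:
        return [f"no setting named {expected_name!r}; found {sorted(by_name)}"]
    workspace = workspace_of(by_name[expected_name])
    if not workspace:
        return [f"setting {expected_name!r} has no Log Analytics workspace attached"]
    if workspace.lower() != expected_workspace.lower():
        return [f"setting {expected_name!r} points at {workspace!r}, not the policy's workspace"]
    return []


if __name__ == "__main__":
    # With the constructed sample, the policy-named setting exists but targets the wrong workspace.
    for reason in compliance_reasons(SAMPLE_SETTINGS, EXPECTED_NAME, EXPECTED_WORKSPACE):
        print("non-compliant:", reason)
```

Replace `SAMPLE_SETTINGS` with the real CLI output and the two expected values with the parameters of your policy assignment. Once the setting is corrected, `az policy state trigger-scan` starts an on-demand evaluation instead of waiting for the periodic cycle the answer mentions.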
