Deprecated operation names used in MS built-in policies & absent log export -> "Microsoft.Security/securitySolutions/write" & "Microsoft.Security/securitySolutions/delete"

BartDecker-8243 180 Reputation points
2023-07-10T10:48:34.0666667+00:00

Via MS Support it was confirmed that these two operation names are deprecated:

"Microsoft.Security/securitySolutions/write" & "Microsoft.Security/securitySolutions/delete"

These are replaced by:

"Microsoft.Security/locations/securitySolutions/write" and "Microsoft.Security/locations/securitySolutions/delete"

However, the support desk could not help me with the following 2 problems the above change creates:

  • These operation names are used in (among others) the following policy, which is part of the CIS Benchmark:
       [https://www.azadvertizer.net/azpolicyadvertizer/3b980d31-7904-4bb7-8575-5665739a8052.html](https://www.azadvertizer.net/azpolicyadvertizer/3b980d31-7904-4bb7-8575-5665739a8052.html)
    
  • The activity logs related to both actions, created by creating and deleting a security solution, are not sent to Log Analytics when all categories are ticked in the diagnostic rule on the subscription. So these two new actions seem not to be part of the "security" category of the diagnostic rule logs.

All boxes ticked.


After creating a security solution, the only item found (by correlation id) in the LA workspace is the "semi-integrated solution creation". The delete security solution and the write security solution operations are not exported to the LA workspace.


I guess the change in operation name was not implemented across "the Azure landscape".
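An added example, not part of the original question and not Microsoft's code: a small audit that walks exported alert-rule or policy JSON and reports every place one of the two deprecated operation names from the question still appears, together with its replacement. The rule layout and the `_rule` helper are constructed for illustration; only the four operation names come from the post.

```python
# Deprecated -> replacement mapping, taken from the question above.
REPLACEMENTS = {
    "microsoft.security/securitysolutions/write":
        "Microsoft.Security/locations/securitySolutions/write",
    "microsoft.security/securitysolutions/delete":
        "Microsoft.Security/locations/securitySolutions/delete",
}

def find_deprecated(node, path="$"):
    """Walk parsed JSON; return (json_path, found_value, replacement) tuples."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits += find_deprecated(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits += find_deprecated(value, f"{path}[{i}]")
    elif isinstance(node, str):
        # Lower-case before lookup so differently cased copies are also caught.
        replacement = REPLACEMENTS.get(node.strip().lower())
        if replacement:
            hits.append((path, node, replacement))
    return hits

def _rule(name, operation):
    """Constructed, simplified activity-log alert rule (hypothetical layout)."""
    return {"name": name, "properties": {"condition": {"allOf": [
        {"field": "category", "equals": "Security"},
        {"field": "operationName", "equals": operation},
    ]}}}

# Constructed sample input: two rules on deprecated names, one already migrated.
SAMPLE_RULES = [
    _rule("alert-solution-write", "Microsoft.Security/securitySolutions/write"),
    _rule("alert-solution-write-new",
          "Microsoft.Security/locations/securitySolutions/write"),
    _rule("alert-solution-delete", "microsoft.security/securitySolutions/delete"),
]

if __name__ == "__main__":
    for json_path, old, new in find_deprecated(SAMPLE_RULES):
        print(f"{json_path}: {old} -> {new}")
```

An alert rule flagged here is conditioned on an operation name that, per the support statement in the question, is no longer emitted, so it is a candidate for updating to the replacement name.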
