Share via

How to remediate "Audit diagnostic setting for selected resource types"

Najam ul Saqib 360 Reputation points
Feb 5, 2024, 1:51 PM

Hi, Under regulatory compliance in defender, I have this recommendation "Audit diagnostic setting for selected resource types" which sounds very confusing. I have many resources under this recommendation, I opened some and enabled all type of diagnostic logs in them e.g. User's image

but still they're appearing in the unhealthy resources. Why is it so? What type of logs does this check wants?

Secondly, there are some "master" databases who doesn't have setting of diagnostic logs at all but they're appearing as unhealthy, how can they be made healthy? User's image

P.S. 1-2 resources became healthy by the same configuration I mentioned above. It's been a week since I have made the changes so refresh interval shouldn't be a problem

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,491 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Akshay-MSFT 17,906 Reputation points Microsoft Employee
    Feb 6, 2024, 8:11 AM

    @Najam ul Saqib

    Thank you for posting your query on Microsoft Q&A, from above description I could understand that you are trying to manually trying to remediate recommendations for Audit diagnostic setting for selected resource types. However, this is not result successful on many of the resources and they are still showing up as unhealthy.

    Please do correct me by responding in the comments section for any discrepancies.

    • As per the screenshot you shared it looks like many of the impacted resources are SQL database server and you have enabled "audit" from diagnostic settings options.
    • But as per Diagnostic settings- Resource logs

    Enabling Audit for Azure SQL Database does not enable auditing for Azure SQL Database. To enable database auditing, you have to enable it from the auditing blade for Azure Database.

    User's image

    Suggestion here to Enable Audit within Azure Database.


    Please "Accept the answer (Yes)" and "share your feedback ". This will help us and others in the community as well.

    Thanks,

    Akshay Kaushik


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.