Azure blueprint PCI v3.2.1:2018: A publicIPAddress resource is Non-Compliant for policy "Audit diagnostic setting"

Frank Schullerer 141 Reputation points
2021-01-27T14:34:09.387+00:00

Hi,

we are experimenting with Azure Blueprints and the PCI-DSS standard. We have already got many resources compliant, such as virtual machines, which have the option "Diagnostic settings" in monitoring. However, the resource publicIPAddress does not have "Diagnostic settings". So we cannot get this compliant for the policy "Audit diagnostic setting" at all. Is there no other choice but to create an exemption for this or have we missed something?

Best regards

Frank Schullerer

Azure Blueprints
Azure Blueprints
An Azure service that provides templates for quick, repeatable creation of fully governed cloud subscriptions.
72 questions
{count} votes

Accepted answer
  1. bharathn-msft 5,096 Reputation points Microsoft Employee
    2021-01-29T16:49:50.817+00:00

    <<Converting from comments to answer for broader community usage.>>

    @Frank Schullerer Post initial analysis of you scenario , diagnostic settings are available for Public IP address resources (see below screenshot for the same)

    61914-image.png

    Alternatively, you can also elect not to include this resource type during blueprint assignment time. Please refer to below

    61905-blue-prints.png

    Hope this information helps, if you have any further queries please feel free to circle back. Thanks


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.