How to fix Audit Diagnostic Setting recommendation (Security Center/Microsoft Defender for cloud)

asked 2021-11-18T14:51:08.847+00:00
Mateusz Kulpa 1 Reputation point

The title of recommendation is Audit diagnostic Setting and the description: Audit diagnostic setting for selected resource types.

There is no automatic "Fix" button.

For most resources like Storage Accounts and App Services I opened the Diagonostic Settings on the resources and configured it to send the logs/metrics to Log Analytics workspace. But it complains for some resources that do not have "Diagnostic Settings" in the menu like:

  • Virtual Network Gateway (VPN)
  • SQL "master" Database (regular databases have this option and it worked fine for them)
  • Virtual machine scale set for Azure Kubernetes Service

I tried to set it on "parent" resources (e.g. Virtual Network, SQL Server, Azure Kubernetes Service) but it did not help.

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
1,173 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,104 questions
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
663 questions
Azure Virtual Machine Scale Sets
Azure Virtual Machine Scale Sets
Azure compute resources that are used to create and manage groups of heterogeneous load-balanced virtual machines.
217 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. answered 2021-11-20T18:15:24.773+00:00
    Hollish Tnoops 1 Reputation point

    Same issue here on hundreds of VMs, only difference is that ours are already sending diagnostics to Log Analytics so I'm really not sure what it's complaining about.