Events
Mar 17, 11 PM - Mar 21, 11 PM
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
When you monitor your Azure Logic Apps resources in Microsoft Azure Security Center, you can review whether your logic apps are following the default policies. Azure shows the health status for an Azure Logic Apps resource after you enable logging and correctly set up the logs' destination. This article explains how to configure diagnostic logging and make sure that all your logic apps are healthy resources.
Tip
To find the current status for the Azure Logic Apps service, review the Azure status page, which lists the status for different products and services in each available region.
An Azure subscription. If you don't have a subscription, create a free Azure account.
Existing logic apps with diagnostic logging enabled.
A Log Analytics workspace, which is required to enable logging for your logic app. If you don't have a workspace, first create your workspace.
Before you can view the resource health status for your logic apps, you must first set up diagnostic logging. If you already have a Log Analytics workspace, you can enable logging either when you create your logic app or on existing logic apps.
Tip
The default recommendation is to enable diagnostic logs for Azure Logic Apps. However, you control this setting for your logic apps. When you enable diagnostic logs for your logic apps, you can use the information to help analyze security incidents.
If you're not sure whether your logic apps have diagnostic logging enabled, you can check in Defender for Cloud:
After you've enabled diagnostic logging, you can see the health status of your logic apps in Defender for Cloud.
Sign in to the Azure portal.
In the search bar, enter and select Defender for Cloud.
On the workload protection dashboard menu, under General, select Inventory.
On the inventory page, filter your assets list to show only Azure Logic Apps resources. In the page menu, select Resource types > logic apps.
The Unhealthy Resources counter shows the number of logic apps that Defender for Cloud considers unhealthy.
In the list of logic apps resources, review the Recommendations column. To review the health details for a specific logic app, select a resource name, or select the ellipses button (...) > View resource.
To remediate any potential resource health issues, follow the steps listed for your logic apps.
If diagnostic logging is already enabled, there might be an issue with the destination for your logs. Review how to fix issues with different diagnostic logging destinations.
If your logic apps are listed as unhealthy in Defender for Cloud, open your logic app in Code View in the Azure portal or through the Azure CLI. Then, check the destination configuration for your diagnostic logs: Azure Log Analytics, Azure Event Hubs, or an Azure Storage account.
If you use Log Analytics or Event Hubs as the destination for your Azure Logic Apps diagnostic logs, check the following settings.
logs.enabled
field is set to true
.storageAccountId
field is set to false
.For example:
"allOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
"equals": "true"
},
{
"anyOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
"notEquals": "true"
},
{
"field": "Microsoft.Insights/diagnosticSettings/storageAccountId",
"exists": false
}
]
}
]
If you use a storage account as the destination for your Azure Logic Apps diagnostic logs, check the following settings.
logs.enabled
field is set to true
.retentionPolicy.enabled
field is set to true
.retentionPolicy.days
field is set to a number inclusively between 0 and 365."allOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
"equals": "true"
},
{
"anyOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
"equals": "0"
},
{
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
"equals": "[parameters('requiredRetentionDays')]"
}
]
},
{
"field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
"equals": "true"
}
]
Events
Mar 17, 11 PM - Mar 21, 11 PM
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowTraining
Module
Capture Web Application Logs with App Service Diagnostics Logging - Training
Learn about how to capture trace output from your Azure web apps. View a live log stream and download logs files for offline analysis.
Certification
Microsoft Certified: Security Operations Analyst Associate - Certifications
Investigate, search for, and mitigate threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender.
Documentation
Monitor logic app workflows - Azure Logic Apps
Start here to learn about monitoring workflows in Azure Logic Apps.
Collect diagnostic data for workflows - Azure Logic Apps
Record diagnostic data for workflows in Azure Logic Apps with Azure Monitor Logs.
View and create queries for logic apps in Azure Monitor logs - Azure Logic Apps
View and create queries in Azure Monitor logs for Azure Logic Apps.