RAVIBABU_CH
Oct 09, 2024

Azure Policy - Seeking Guidance: Adding "Destination Table" to Built-In Azure Policy

 

Hi Team,

I am sharing the existing built-in Azure Policy that previously sent logs to a Log Analytics workspace. However, it currently has no option to choose the "Destination Table", with selections such as "Azure Diagnostics" or "Resource Specific".

I would like to include this option in the policy. Could you please advise on how to achieve this?


Built-in Policy Name : 

Enable logging by category group for Application gateways (microsoft.network/applicationgateways) to Log Analytics

Policy Code

 

 

{
  "mode": "Indexed",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "microsoft.network/applicationgateways"
        },
        {
          "anyOf": [
            {
              "value": "[first(parameters('resourceLocationList'))]",
              "equals": "*"
            },
            {
              "field": "location",
              "in": "[parameters('resourceLocationList')]"
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "type": "Microsoft.Insights/diagnosticSettings",
        "evaluationDelay": "AfterProvisioning",
        "existenceCondition": {
          "allOf": [
            {
              "count": {
                "field": "Microsoft.Insights/diagnosticSettings/logs[*]",
                "where": {
                  "allOf": [
                    {
                      "field": "Microsoft.Insights/diagnosticSettings/logs[*].enabled",
                      "equals": "[equals(parameters('categoryGroup'), 'allLogs')]"
                    },
                    {
                      "field": "microsoft.insights/diagnosticSettings/logs[*].categoryGroup",
                      "equals": "allLogs"
                    }
                  ]
                }
              },
              "equals": 1
            },
            {
              "field": "Microsoft.Insights/diagnosticSettings/workspaceId",
              "equals": "[parameters('logAnalytics')]"
            }
          ]
        },
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"
        ],
        "deployment": {
          "properties": {
            "mode": "incremental",
            "template": {
              "$schema": "http://schema.management.azure.com/schemas/2019-08-01/deploymentTemplate.json#",
              "contentVersion": "1.0.0.0",
              "parameters": {
                "diagnosticSettingName": {
                  "type": "string"
                },
                "logAnalytics": {
                  "type": "string"
                },
                "categoryGroup": {
                  "type": "String"
                },
                "resourceName": {
                  "type": "string"
                }
              },
              "variables": {},
              "resources": [
                {
                  "type": "microsoft.network/applicationgateways/providers/diagnosticSettings",
                  "apiVersion": "2021-05-01-preview",
                  "name": "[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('diagnosticSettingName'))]",
                  "properties": {
                    "workspaceId": "[parameters('logAnalytics')]",
                    "logs": [
                      {
                        "categoryGroup": "allLogs",
                        "enabled": "[equals(parameters('categoryGroup'), 'allLogs')]"
                      }
                    ],
                    "metrics": []
                  }
                }
              ],
              "outputs": {
                "policy": {
                  "type": "string",
                  "value": "[concat('Diagnostic setting ', parameters('diagnosticSettingName'), ' for type Application gateways (microsoft.network/applicationgateways), resourceName ', parameters('resourceName'), ' to Log Analytics ', parameters('logAnalytics'), ' configured')]"
                }
              }
            },
            "parameters": {
              "diagnosticSettingName": {
                "value": "[parameters('diagnosticSettingName')]"
              },
              "logAnalytics": {
                "value": "[parameters('logAnalytics')]"
              },
              "categoryGroup": {
                "value": "[parameters('categoryGroup')]"
              },
              "resourceName": {
                "value": "[field('name')]"
              }
            }
          }
        }
      }
    }
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "DeployIfNotExists",
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "DeployIfNotExists"
    },
    "diagnosticSettingName": {
      "type": "String",
      "metadata": {
        "displayName": "Diagnostic Setting Name",
        "description": "Diagnostic Setting Name"
      },
      "defaultValue": "setByPolicy-LogAnalytics"
    },
    "categoryGroup": {
      "type": "String",
      "metadata": {
        "displayName": "Category Group",
        "description": "Diagnostic category group - none, audit, or allLogs."
      },
      "allowedValues": [
        "audit",
        "allLogs"
      ],
      "defaultValue": "audit"
    },
    "resourceLocationList": {
      "type": "Array",
      "metadata": {
        "displayName": "Resource Location List",
        "description": "Resource Location List to send logs to nearby Log Analytics. A single entry \"*\" selects all locations (default)."
      },
      "defaultValue": [
        "*"
      ]
    },
    "logAnalytics": {
      "type": "String",
      "metadata": {
        "displayName": "Log Analytics Workspace",
        "description": "Log Analytics Workspace",
        "strongType": "omsWorkspace",
        "assignPermissions": true
      }
    }
  }
}

 

 

 

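  • Try the definition below. It adds a `destinationTable` policy parameter (allowed values `AzureDiagnostics` and `ResourceSpecific`, with no default, so each assignment must supply one) and passes it to the deployment template, which writes it to a `table` property on the diagnostic setting. Before relying on it, confirm on a test resource that the deployed setting really uses the chosen table: the property the diagnostic settings API documents for this choice is `logAnalyticsDestinationType`, where `Dedicated` selects resource-specific tables, so the `table` property and the `ResourceSpecific` value may need to be mapped to it. The `existenceCondition` is unchanged and checks only the log category and workspace ID, so a resource whose existing setting writes to the other table is still evaluated as compliant and will not be remediated unless a condition on the destination type is added.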

     

    {
      "mode": "Indexed",
      "policyRule": {
        "if": {
          "allOf": [
            {
              "field": "type",
              "equals": "microsoft.network/applicationgateways"
            },
            {
              "anyOf": [
                {
                  "value": "[first(parameters('resourceLocationList'))]",
                  "equals": "*"
                },
                {
                  "field": "location",
                  "in": "[parameters('resourceLocationList')]"
                }
              ]
            }
          ]
        },
        "then": {
          "effect": "[parameters('effect')]",
          "details": {
            "type": "Microsoft.Insights/diagnosticSettings",
            "evaluationDelay": "AfterProvisioning",
            "existenceCondition": {
              "allOf": [
                {
                  "count": {
                    "field": "Microsoft.Insights/diagnosticSettings/logs[*]",
                    "where": {
                      "allOf": [
                        {
                          "field": "Microsoft.Insights/diagnosticSettings/logs[*].enabled",
                          "equals": "[equals(parameters('categoryGroup'), 'allLogs')]"
                        },
                        {
                          "field": "microsoft.insights/diagnosticSettings/logs[*].categoryGroup",
                          "equals": "allLogs"
                        }
                      ]
                    }
                  },
                  "equals": 1
                },
                {
                  "field": "Microsoft.Insights/diagnosticSettings/workspaceId",
                  "equals": "[parameters('logAnalytics')]"
                }
              ]
            },
            "roleDefinitionIds": [
              "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"
            ],
            "deployment": {
              "properties": {
                "mode": "incremental",
                "template": {
                  "$schema": "http://schema.management.azure.com/schemas/2019-08-01/deploymentTemplate.json#",
                  "contentVersion": "1.0.0.0",
                  "parameters": {
                    "diagnosticSettingName": {
                      "type": "string"
                    },
                    "logAnalytics": {
                      "type": "string"
                    },
                    "categoryGroup": {
                      "type": "String"
                    },
                    "destinationTable": {
                      "type": "String",
                      "allowedValues": [
                        "AzureDiagnostics",
                        "ResourceSpecific"
                      ]
                    },
                    "resourceName": {
                      "type": "string"
                    }
                  },
                  "variables": {},
                  "resources": [
                    {
                      "type": "microsoft.network/applicationgateways/providers/diagnosticSettings",
                      "apiVersion": "2021-05-01-preview",
                      "name": "[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('diagnosticSettingName'))]",
                      "properties": {
                        "workspaceId": "[parameters('logAnalytics')]",
                        "logs": [
                          {
                            "categoryGroup": "allLogs",
                            "enabled": "[equals(parameters('categoryGroup'), 'allLogs')]"
                          }
                        ],
                        "metrics": [],
                        "table": "[parameters('destinationTable')]"
                      }
                    }
                  ],
                  "outputs": {
                    "policy": {
                      "type": "string",
                      "value": "[concat('Diagnostic setting ', parameters('diagnosticSettingName'), ' for type Application gateways (microsoft.network/applicationgateways), resourceName ', parameters('resourceName'), ' to Log Analytics ', parameters('logAnalytics'), ' configured')]"
                    }
                  }
                },
                "parameters": {
                  "diagnosticSettingName": {
                    "value": "[parameters('diagnosticSettingName')]"
                  },
                  "logAnalytics": {
                    "value": "[parameters('logAnalytics')]"
                  },
                  "categoryGroup": {
                    "value": "[parameters('categoryGroup')]"
                  },
                  "destinationTable": {
                    "value": "[parameters('destinationTable')]"
                  },
                  "resourceName": {
                    "value": "[field('name')]"
                  }
                }
              }
            }
          }
        }
      },
      "parameters": {
        "effect": {
          "type": "String",
          "metadata": {
            "displayName": "Effect",
            "description": "Enable or disable the execution of the policy"
          },
          "allowedValues": [
            "DeployIfNotExists",
            "AuditIfNotExists",
            "Disabled"
          ],
          "defaultValue": "DeployIfNotExists"
        },
        "diagnosticSettingName": {
          "type": "String",
          "metadata": {
            "displayName": "Diagnostic Setting Name",
            "description": "Diagnostic Setting Name"
          },
          "defaultValue": "setByPolicy-LogAnalytics"
        },
        "categoryGroup": {
          "type": "String",
          "metadata": {
            "displayName": "Category Group",
            "description": "Diagnostic category group - none, audit, or allLogs."
          },
          "allowedValues": [
            "audit",
            "allLogs"
          ],
          "defaultValue": "audit"
        },
        "resourceLocationList": {
          "type": "Array",
          "metadata": {
            "displayName": "Resource Location List",
            "description": "Resource Location List to send logs to nearby Log Analytics. A single entry \"*\" selects all locations (default)."
          },
          "defaultValue": [
            "*"
          ]
        },
        "logAnalytics": {
          "type": "String",
          "metadata": {
            "displayName": "Log Analytics Workspace",
            "description": "Log Analytics Workspace",
            "strongType": "omsWorkspace",
            "assignPermissions": true
          }
        },
        "destinationTable": {
          "type": "String",
          "metadata": {
            "displayName": "Destination Table",
            "description": "Choose the destination table for the logs."
          },
          "allowedValues": [
            "AzureDiagnostics",
            "ResourceSpecific"
          ]
        }
      }
    }
    

     
