'Create Policy Assignment' activity log alert should be configured

azure.activity_log
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

To improve detection of unsolicited changes and gain insight into modifications made in “Azure policy - assignments,” it is recommended to create an activity log alert specifically for the Create Policy Assignment event. This alert will help monitor and track any occurrences of policy assignment creation, reducing the time it takes to identify and respond to any unauthorized changes.

Remediation

From the console

  1. Go to Monitor and select Alerts.
  2. Click New Alert Rule.
  3. Under Scope, click Select Resource.
  4. Under Filter by Subscription, select the appropriate subscription.
  5. Under Filter by Resource Type, select Policy Assignment.
  6. Select All for Filter by Location.
  7. Click the subscription resource from the entries populated under Resource. Verify that the selection preview shows All Policy assignment (policyAssignments) and the selected subscription name.
  8. Click Done.
  9. Under Condition, click Add Condition, then select the Create Policy Assignment signal.
  10. Click Done.
  11. Under Action Group, select Add Action Groups and complete the creation process or select the appropriate action group.
  12. Under Alert Rule Details, enter the Alert Rule Name and Description.
  13. Select the appropriate resource group to save the alert to.
  14. Select the Enable alert rule upon creation checkbox.
  15. Click Create Alert Rule.
PREVIEWING: brett.blue/embedded-collector-release