Diagnostic Setting should capture appropriate categories

Description

Before following this recommendation, make sure a Diagnostic Setting already exists; the navigation and options mentioned in the recommendation depend on it. Diagnostic settings should be configured to log the relevant activities from the control/management plane. Capturing the appropriate diagnostic setting categories for these activities enables effective alerting and monitoring. For single resources, refer to the "Diagnostic settings in Azure Monitor" documentation; for multiple resource types at scale, refer to "Create diagnostic settings at scale using Azure Policies and Initiatives".

Remediation

From the console

  1. Go to Azure Monitor.
  2. Click Activity log, then click Export Activity Logs.
  3. Select the Subscription from the drop-down menu.
  4. Click Add diagnostic setting and enter a name for the Diagnostic Setting.
  5. Check the following categories: Administrative, Alert, Policy, and Security.
  6. Choose the log destination details according to your organization’s needs.
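
To verify the result of the steps above, the following added example (not part of the original recommendation) audits an exported list of subscription diagnostic settings for the four required categories. It assumes the JSON shape of a diagnostic settings list response (a "value" array whose entries carry "logs" with "category" and "enabled"), treats the subscription as compliant when at least one setting enables all four categories, and uses constructed sample data with placeholder names and IDs.

```python
import json

# Categories the remediation step requires to be checked.
REQUIRED = ("Administrative", "Alert", "Policy", "Security")

# Constructed sample in the assumed list-response shape for subscription
# diagnostic settings; setting names and resource IDs are placeholders.
SAMPLE = json.loads("""
{"value": [
  {"name": "export-partial",
   "properties": {"workspaceId": "<workspace-resource-id>",
     "logs": [
       {"category": "Administrative", "enabled": true},
       {"category": "Security", "enabled": true},
       {"category": "Alert", "enabled": false},
       {"category": "ServiceHealth", "enabled": true}]}},
  {"name": "export-full",
   "properties": {"storageAccountId": "<storage-resource-id>",
     "logs": [
       {"category": "Administrative", "enabled": true},
       {"category": "Alert", "enabled": true},
       {"category": "Policy", "enabled": true},
       {"category": "Security", "enabled": true}]}}
]}
""")

def missing_categories(setting):
    """Return required categories that are absent or disabled in one setting."""
    # Assumption: some tools flatten "properties" to the top level; accept both.
    props = setting.get("properties", setting)
    enabled = {
        (log.get("category") or "").lower()
        for log in props.get("logs") or []
        if log.get("enabled") is True  # a listed but disabled category does not count
    }
    return [c for c in REQUIRED if c.lower() not in enabled]

def audit(doc):
    """Map each diagnostic setting name to its list of missing categories."""
    settings = doc.get("value", []) if isinstance(doc, dict) else doc
    return {s.get("name", "<unnamed>"): missing_categories(s) for s in settings}

def is_compliant(doc):
    """Assumed rule: compliant when one setting captures all required categories."""
    return any(not missing for missing in audit(doc).values())

if __name__ == "__main__":
    for name, missing in audit(SAMPLE).items():
        print(name, "OK" if not missing else "missing: " + ", ".join(missing))
```

A subscription with no diagnostic setting at all is reported as non-compliant, which matches the prerequisite stated in the description.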