Monitor log profile should have activity logs for global services and all regions

Description

Configure the log profile to export activities from all Azure-supported regions/locations, including global. This rule is evaluated against all resource locations that Fugue has permission to scan.

Portal Remediation Steps

  • Note: this rule applies to the legacy experience for the Azure Activity log.

  • Navigate to Activity log.

  • Select Diagnostics setting.

  • Click "Looking for the legacy experience? Click here to launch the ‘Export activity log’ blade."

  • From the Regions drop-down, check Select all.

  • Click Save.

CLI Remediation Steps

  • Retrieve a list of all locations enabled for your subscription:

az account list-locations --query "[].name"

  • To enable activity logs for global services and all regions, follow the Azure documentation to create a log profile and set the desired flags, including a space-separated list of locations (e.g., --locations "global" "eastus" "westus" etc.) according to the list you retrieved:

az monitor log-profiles create --categories
                               --days
                               --enabled {false, true}
                               --location
                               --locations
                               --name
                               [--service-bus-rule-id]
                               [--storage-account-id]
                               [--subscription]
                               [--tags]
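
To confirm the result after remediation, the following added example (not part of the original page or of Fugue's rule code) compares the locations retrieved in the first CLI step, plus "global", against the locations set on the log profile and prints any that are missing. The function names and sample values are hypothetical, and the live check assumes the subscription's first log profile is the one to evaluate.

```shell
#!/bin/sh
# Added example; function and variable names are hypothetical.

# Constructed sample data, not output from a real subscription.
SAMPLE_SUBSCRIPTION='eastus
westus
westeurope'
SAMPLE_PROFILE='global
eastus'

# Lowercase, drop blank lines, sort and de-duplicate a newline-separated list.
normalize() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed '/^[[:space:]]*$/d' | sort -u
}

# Print each location the log profile should export but does not.
# $1: subscription locations, $2: locations set on the log profile.
missing_locations() {
    expected=$(normalize "$(printf '%s\nglobal' "$1")")
    configured=$(normalize "$2")
    if [ -z "$configured" ]; then
        printf '%s\n' "$expected"      # nothing configured: everything is missing
        return 0
    fi
    # -F fixed strings, -x whole-line match, -v keep lines not in the profile
    printf '%s\n' "$expected" | grep -Fxv -e "$configured" || true
}

# Live check: exit status 0 = compliant, 1 = gaps found, 2 = az call failed.
check_log_profile() {
    subs=$(az account list-locations --query "[].name" -o tsv) || return 2
    prof=$(az monitor log-profiles list --query "[0].locations[]" -o tsv) || return 2
    gaps=$(missing_locations "$subs" "$prof")
    if [ -n "$gaps" ]; then
        echo "Log profile does not export these locations:" >&2
        printf '%s\n' "$gaps"
        return 1
    fi
    echo "Log profile covers global and every subscription location."
}

# Run against Azure only when asked; otherwise the file just defines functions.
if [ "${1:-}" = "--live" ]; then
    check_log_profile
fi
```

Run the script with --live in a shell that is logged in with az; the printed names are the values still to be added to --locations.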