articles/network-watcher/nsg-flow-logs-policy-portal.md
11 additions & 11 deletions
@@ -14,9 +14,9 @@ ms.custom: engagement-fy23
14
14
15
15
# Deploy and manage NSG flow logs using Azure Policy
16
16
17
-
Azure Policy helps to enforce organizational standards and to assess compliance at scale. Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management. In this article, we will use two built-in policies available for NSG Flow Logs to manage your flow logs setup. The first policy flags any NSGs without flow logs enabled. The second policy automatically deploys Flow logs for NSGs without Flow logs enabled.
17
+
Azure Policy helps to enforce organizational standards and to assess compliance at scale. Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management. In this article, we'll use two built-in policies available for NSG Flow Logs to manage your flow logs setup. The first policy flags any NSGs without flow logs enabled. The second policy automatically deploys Flow logs for NSGs without Flow logs enabled.
18
18
19
-
If you are creating an Azure Policy definition for the first time, you can read through:
19
+
If you're creating an Azure Policy definition for the first time, you can read through:
4.Click the three dots menu under "Policy Definitions" to see available policies
39
+
4.Select the three dots menu under "Policy Definitions" to see available policies
40
40
41
41
5. Use the Type filter and choose "Built-in". Then search for "Flow log"
42
42
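Review bot: The new step line "4.Select the three dots menu" has no space after "4.", while the next step is written "5. Use the Type filter", so step 4 may not render as part of the numbered list; change it to "4. Select ...". While this paragraph is being touched, the intro sentence also mixes "NSG Flow Logs", "flow logs" and "Flow logs" within two lines; pick one casing and use it throughout.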
@@ -54,7 +54,7 @@ There are separate instructions for each policy below.
54
54
55
55
### How the policy works
56
56
57
-
The policy checks all existing ARM objects of type “Microsoft.Network/networkSecurityGroups”, that is it looks at all NSGs in a given scope, and checks for the existence of linked Flow logs via the Flow Logs property of the NSG. If the property does not exist, the NSG is flagged.
57
+
The policy checks all existing ARM objects of type “Microsoft.Network/networkSecurityGroups”, that is it looks at all NSGs in a given scope, and checks for the existence of linked Flow logs via the Flow Logs property of the NSG. If the property doesn't exist, the NSG is flagged.
58
58
59
59
If you want to see the full definition of the policy, you can visit the [Definitions tab](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyMenuBlade/Definitions) and search for "Flow logs" to find the policy
60
60
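Review bot: The rewritten sentence says the NSG is flagged only "If the property doesn't exist", but the intro describes this policy as flagging NSGs "without flow logs enabled". State explicitly whether an NSG with a linked flow log that is present but not enabled is reported as compliant, since readers will rely on this audit result to find NSGs with no logging. The phrase "that is it looks at all NSGs" also needs commas ("that is, it looks at all NSGs in a given scope,").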
@@ -66,9 +66,9 @@ If you want to see the full definition of the policy, you can visit the [Definit
66
66
- Policy Definition: Should be chosen as shown in the "Locate the policies" section.
67
67
- AssignmentName: Choose a descriptive name
68
68
69
-
2.Click on "Review + Create" to review your assignment
69
+
2.Select "Review + Create" to review your assignment
70
70
71
-
The policy does not require any parameters. As you are assigning an audit policy, you do not need to fill in the details in the "Remediation" tab.
71
+
The policy doesn't require any parameters. As you're assigning an audit policy, you don't need to fill in the details in the "Remediation" tab.
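Review bot: The new line "2.Select "Review + Create"" is missing the space after "2.", unlike the "- " bullets in the context lines above it, so it may render as plain text rather than as step 2; use "2. Select". In the last changed line, "As you're assigning an audit policy" would read more clearly as "Because this is an audit policy", which makes the reason for skipping the "Remediation" tab explicit.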
@@ -83,7 +83,7 @@ You should see something similar to the following screenshot once your policy ru
83
83
84
84
### Policy Structure
85
85
86
-
The policy checks all existing ARM objects of type “Microsoft.Network/networkSecurityGroups”, that is it looks at all NSGs in a given scope, and checks for the existence of linked Flow logs via the Flow Logs property of the NSG. If the property does not exist, the policy deploys a Flow log.
86
+
The policy checks all existing ARM objects of type “Microsoft.Network/networkSecurityGroups”, that is it looks at all NSGs in a given scope, and checks for the existence of linked Flow logs via the Flow Logs property of the NSG. If the property doesn't exist, the policy deploys a Flow log.
87
87
88
88
If you want to see the full definition of the policy, you can visit the [Definitions tab](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyMenuBlade/Definitions) and search for "Flow logs" to find the policy.
89
89
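Review bot: The changed paragraph under "Policy Structure" repeats the "How the policy works" paragraph word for word except for the final clause, and it keeps the same issues: curly quotes around “Microsoft.Network/networkSecurityGroups” and the unpunctuated "that is it looks at". Consider putting the resource type in code formatting and shortening this copy to the part that differs, namely that the policy deploys a flow log when the property doesn't exist. The heading here is "Policy Structure" while the audit section uses "How the policy works" for the same content; use one heading for both.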
@@ -100,7 +100,7 @@ If you want to see the full definition of the policy, you can visit the [Definit
100
100
The Network Watcher service is a regional service. These parameters allow the policy action of deploying flow logs to be executed.
101
101
- NSG Region: Azure regions at which the policy is targeted
102
102
- Storage ID: Full resource ID of the storage account. Note: This storage account should be in the same region as the NSG.
103
-
- Network Watchers RG: Name of the resource group containing your Network Watcher resource. If you have not renamed it, you can enter `NetworkWatcherRG` which is the default.
103
+
- Network Watchers RG: Name of the resource group containing your Network Watcher resource. If you haven't renamed it, you can enter `NetworkWatcherRG` which is the default.
104
104
- Network Watcher name: Name of the regional network watcher service. Format: NetworkWatcher_RegionName. Example: NetworkWatcher_centralus. See the full list.
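Review bot: In the changed bullet, "you can enter `NetworkWatcherRG` which is the default" needs a comma before "which". The neighbouring context bullet gives "NetworkWatcher_RegionName" and "NetworkWatcher_centralus" as plain text while "NetworkWatcherRG" is in code formatting; format all three the same way so readers can copy the exact values. "See the full list." in that bullet has no link target in the visible line, so either add the link or drop the sentence.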