Security Center: Ensure that logging for Azure KeyVault is 'Enabled'

    Question

  • Hi,

    Under security center we are being advised to ensure logging is 'enabled' for our key vaults. 

    It is listing our vaults as "unhealthy resources" and advising us to switch on diagnostics.

    I already have diagnostics active for each of them; the portal is showing them as connected to the Log Analytics Workspace I set up. The "AuditEvent" log schema is selected as well as 'all metrics'.

    After three days I'm still seeing the error under security center saying that they are not enabled.

    Is there anything else we need to do?

    Thanks

    Dan

    Thursday, May 2, 2019 8:31 AM

All replies

  • Can you check the status of your diagnostics settings using the below commands - 

    $kv = Get-AzKeyVault -VaultName '<Your Key Vault>'
    Get-AzDiagnosticSetting -ResourceId $kv.ResourceId

    Thursday, May 2, 2019 1:09 PM
    Moderator
  • Hi Saura, I've removed the subscription ID from this...

    Metrics                     :
             Enabled         : False
             TimeGrain       : PT1M
             RetentionPolicy :
                      Enabled  : False
                      Days     : 0
    Logs                        :
             Enabled         : False
             Category        : AuditEvent
             RetentionPolicy :
                      Enabled  : False
                      Days     : 0
    WorkspaceId                 :
    Id                          : /subscriptions/<my sub id>/resourcegroups/rg-hub-key-vaults/providers/microsoft.keyvault/vaults/<my kv name>/providers/microsoft.insights/diagnosticSettings/service
    Name                        : service
    Type                        :
    Location                    :
    Tags                        :


    Friday, May 3, 2019 8:43 AM
  • Hi Saura,

    The status above shows the WorkspaceID is correctly hooked up, which is what I'm seeing in the portal. Is there any reason why this isn't approved by the compliance audit?

    Thanks

    Dan

    Wednesday, May 8, 2019 8:14 AM
  • I do not see that the logs are enabled in the output you have shared. You can use Set-AzDiagnosticSetting -ResourceId "Resource01" -Enabled $True to enable all metrics and logs for a resource.
    Tuesday, May 14, 2019 12:25 AM
    Moderator
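An added worked example of the check and the fix the moderator describes; this is not code from the thread. It first tests what the Security Center recommendation actually looks for (a diagnostic setting on the vault whose AuditEvent category has Enabled set to True and which has a destination such as a Log Analytics workspace), and only then calls Set-AzDiagnosticSetting. In the output posted above both the Metrics and Logs entries show Enabled : False and WorkspaceId is empty, so the setting named "service" exists but sends nothing anywhere, which is why the vault is still reported as unhealthy. Assumptions: the Az.Accounts, Az.KeyVault, Az.OperationalInsights and Az.Monitor modules are installed, Connect-AzAccount has already been run, and the vault, resource group and workspace names are placeholders to be replaced. Set-AzDiagnosticSetting is the cmdlet in the Az.Monitor versions current at the time of the thread (pre-3.0); Az.Monitor 3.0 and later replace it with New-AzDiagnosticSetting and the shape of the Get-AzDiagnosticSetting output changes with it.

```powershell
# Added example, not from the original thread.
# Requires: Az.Accounts, Az.KeyVault, Az.OperationalInsights, Az.Monitor (pre-3.0).
# The names below are placeholders (assumed), replace them before running.
param(
    [string]$VaultName     = '<my kv name>',
    [string]$WorkspaceRg   = '<workspace resource group>',
    [string]$WorkspaceName = '<workspace name>',
    [string]$SettingName   = 'service'
)

function Test-KeyVaultAuditLogging {
    # Returns $true only when some diagnostic setting on the vault has the
    # AuditEvent log category enabled AND at least one destination configured.
    # A setting with Enabled : False or an empty WorkspaceId (as in the thread)
    # does not count, which is what the Security Center recommendation flags.
    param([Parameter(Mandatory)][string]$ResourceId)

    $settings = Get-AzDiagnosticSetting -ResourceId $ResourceId -ErrorAction SilentlyContinue
    foreach ($s in @($settings)) {
        $auditOn = $s.Logs | Where-Object { $_.Category -eq 'AuditEvent' -and $_.Enabled }
        $hasDest = $s.WorkspaceId -or $s.StorageAccountId -or $s.EventHubAuthorizationRuleId
        if ($auditOn -and $hasDest) { return $true }
    }
    return $false
}

$kv = Get-AzKeyVault -VaultName $VaultName
if (-not $kv) { throw "Key vault '$VaultName' not found in the current subscription." }

if (Test-KeyVaultAuditLogging -ResourceId $kv.ResourceId) {
    Write-Host "AuditEvent logging is already enabled with a destination on $VaultName."
    return
}

# Resolve the Log Analytics workspace the logs should go to.
$ws = Get-AzOperationalInsightsWorkspace -ResourceGroupName $WorkspaceRg -Name $WorkspaceName
if (-not $ws) { throw "Workspace '$WorkspaceName' not found in resource group '$WorkspaceRg'." }

# Enable the AuditEvent log category and all metrics, and point them at the
# workspace. Naming the setting 'service' overwrites the empty one seen in the
# thread instead of leaving a second, disabled setting on the vault.
Set-AzDiagnosticSetting -ResourceId $kv.ResourceId `
    -Name $SettingName `
    -WorkspaceId $ws.ResourceId `
    -Enabled $true `
    -Category 'AuditEvent' `
    -MetricCategory 'AllMetrics' | Out-Null

# Re-read the setting and fail loudly if it still does not satisfy the check.
if (-not (Test-KeyVaultAuditLogging -ResourceId $kv.ResourceId)) {
    throw "Diagnostic setting on $VaultName still has no enabled AuditEvent log with a destination."
}
Write-Host "AuditEvent logging enabled on $VaultName, sending to $($ws.Name)."
```

Running the check function alone against the vault from the thread would return $false, because Enabled is False on the AuditEvent entry and WorkspaceId is blank. After the Set-AzDiagnosticSetting call, Get-AzDiagnosticSetting should show Enabled : True under Logs for AuditEvent and the workspace resource ID under WorkspaceId; Security Center re-evaluates the recommendation on its own schedule, so allow some time before expecting the vault to leave the unhealthy list.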