Remediation
From Azure Portal
- Go to Key vaults.
- Select a Key vault.
- Select Diagnostic settings.
- Click Edit setting to update an existing diagnostic setting, or Add diagnostic setting to create a new one.
- If creating a new diagnostic setting, provide a name.
- Configure an appropriate destination.
- Under Category groups, check audit and allLogs.
- Click Save.
From Azure CLI
Note that audit and allLogs are category groups rather than individual log categories (Key Vault's individual categories are, for example, AuditEvent), so each log entry sets category-group, not category.
To update an existing diagnostic setting:
az monitor diagnostic-settings update \
    --name {{diagnostic-setting-name}} \
    --resource {{key-vault-id}} \
    --logs "[{category-group:audit,enabled:true},{category-group:allLogs,enabled:true}]"
To create a new diagnostic setting, pass only the destination parameters you actually use (at least one destination is required):
az monitor diagnostic-settings create \
    --name {{diagnostic-setting-name}} \
    --resource {{key-vault-id}} \
    --logs "[{category-group:audit,enabled:true},{category-group:allLogs,enabled:true}]" \
    --metrics "[{category:AllMetrics,enabled:true}]" \
    --event-hub {{event-hub-id}} \
    --event-hub-rule {{event-hub-auth-rule-id}} \
    --storage-account {{storage-account-id}} \
    --workspace {{log-analytics-workspace-id}} \
    --marketplace-partner-id {{marketplace-partner-id}}
From PowerShell
Create the log settings object. Because audit and allLogs are category groups rather than individual log categories, use -CategoryGroup, not -Category:
$logSettings = @()
$logSettings += New-AzDiagnosticSettingLogSettingsObject -Enabled $true -CategoryGroup audit
$logSettings += New-AzDiagnosticSettingLogSettingsObject -Enabled $true -CategoryGroup allLogs
Create the metric settings object:
$metricSettings = @()
$metricSettings += New-AzDiagnosticSettingMetricSettingsObject -Enabled $true -Category AllMetrics
Create the diagnostic setting for each Key Vault, passing only the destination parameters you actually use (at least one destination is required):
New-AzDiagnosticSetting `
    -Name {{diagnostic-setting-name}} `
    -ResourceId {{key-vault-id}} `
    -Log $logSettings `
    -Metric $metricSettings `
    -StorageAccountId {{storage-account-id}} `
    -EventHubName {{event-hub-name}} `
    -EventHubAuthorizationRuleId {{event-hub-auth-rule-id}} `
    -WorkspaceId {{log-analytics-workspace-id}} `
    -MarketplacePartnerId {{marketplace-partner-id}}
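After applying either the CLI or the PowerShell remediation, the natural follow-up is to verify the result rather than trust it. The script below is an added example, not part of the original page or of any Microsoft tooling: it takes the JSON printed by `az monitor diagnostic-settings list --resource {{key-vault-id}} -o json` and reports, per diagnostic setting, whether a destination is configured and whether both the audit and allLogs category groups are enabled. It assumes the field names of the diagnostic settings resource as the CLI emits them (`logs[].categoryGroup`, `logs[].enabled`, `storageAccountId`, `workspaceId`, `eventHubAuthorizationRuleId`, `marketplacePartnerId`) and accepts both a bare JSON array and the `{"value": [...]}` wrapper. The two sample listings embedded in it are constructed, and a vault is treated as compliant when at least one of its settings has no findings.

```python
"""Check that a Key Vault's diagnostic settings match the remediation above.

Added example, not from the original page: it evaluates the JSON that
`az monitor diagnostic-settings list --resource {{key-vault-id}} -o json`
prints. Field names are assumed to mirror the Azure Monitor diagnostic
settings resource; the sample listings below are constructed.
"""
import json
import sys

# Category groups the remediation enables; both must be present and enabled.
REQUIRED_CATEGORY_GROUPS = ("audit", "allLogs")

# A setting with any of these fields populated has at least one destination.
DESTINATION_FIELDS = (
    "storageAccountId",
    "workspaceId",
    "eventHubAuthorizationRuleId",
    "marketplacePartnerId",
)


def enabled_category_groups(setting):
    """Category groups that are switched on in one diagnostic setting."""
    return {
        entry.get("categoryGroup")
        for entry in setting.get("logs") or []
        if entry.get("enabled") and entry.get("categoryGroup")
    }


def evaluate_setting(setting):
    """Findings for one diagnostic setting; an empty list means compliant."""
    findings = []
    if not any(setting.get(field) for field in DESTINATION_FIELDS):
        findings.append("no destination configured")
    groups = enabled_category_groups(setting)
    for group in REQUIRED_CATEGORY_GROUPS:
        if group not in groups:
            findings.append(f"category group '{group}' not enabled")
    return findings


def evaluate_key_vault(listing_json):
    """Evaluate the `diagnostic-settings list` output for one vault.

    Accepts a bare JSON array or a {"value": [...]} wrapper (older CLI
    versions emit the latter). Returns (compliant, report): report maps each
    setting name to its findings; compliant is True when at least one setting
    has no findings, so a vault with no settings at all is non-compliant.
    """
    data = json.loads(listing_json)
    settings = data.get("value", []) if isinstance(data, dict) else data
    report = {s.get("name", "<unnamed>"): evaluate_setting(s) for s in settings}
    return any(not findings for findings in report.values()), report


# Constructed sample: one setting created as in the CLI/PowerShell steps above.
COMPLIANT_LISTING = json.dumps([{
    "name": "kv-diag",
    "workspaceId": "/subscriptions/00000000-0000-0000-0000-000000000000/"
                   "resourceGroups/rg-sec/providers/Microsoft.OperationalInsights/"
                   "workspaces/law-sec",
    "logs": [
        {"category": None, "categoryGroup": "audit", "enabled": True},
        {"category": None, "categoryGroup": "allLogs", "enabled": True},
    ],
    "metrics": [{"category": "AllMetrics", "enabled": True}],
}])

# Constructed sample: one setting missing allLogs, one with nothing configured.
NONCOMPLIANT_LISTING = json.dumps({"value": [
    {
        "name": "kv-diag-partial",
        "eventHubAuthorizationRuleId": "/subscriptions/00000000-0000-0000-0000-000000000000/"
                                       "resourceGroups/rg-sec/providers/Microsoft.EventHub/"
                                       "namespaces/ehns-sec/authorizationRules/RootManageSharedAccessKey",
        "logs": [{"category": None, "categoryGroup": "audit", "enabled": True}],
        "metrics": [],
    },
    {"name": "kv-diag-empty", "logs": [], "metrics": []},
]})


def main():
    # Pass "-" to read real CLI output from stdin; otherwise use the sample.
    raw = sys.stdin.read() if sys.argv[1:] == ["-"] else NONCOMPLIANT_LISTING
    compliant, report = evaluate_key_vault(raw)
    for name, findings in report.items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
    print("COMPLIANT" if compliant else "NOT COMPLIANT")


if __name__ == "__main__":
    main()
```

Pipe real output into it with `az monitor diagnostic-settings list --resource {{key-vault-id}} -o json | python check_kv_diag.py -` and run it once per vault; a vault that returns an empty list has no diagnostic setting at all and is reported as non-compliant, which is the case the portal steps above exist to fix.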