| 💼 7.1 Logging and Monitoring | 5 | | | |
| 💼 7.1.1 Configuring Diagnostic Settings | 10 | | | |
| 💼 7.1.1.1 Ensure that a 'Diagnostic Setting' exists for Subscription Activity Logs (Manual) | | | 1 | |
| 💼 7.1.1.2 Ensure Diagnostic Setting captures appropriate categories (Automated) | | | 1 | |
| 💼 7.1.1.3 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key (CMK) (Automated) | | | 1 | |
| 💼 7.1.1.4 Ensure that logging for Azure Key Vault is 'Enabled' (Automated) | | | 1 | |
| 💼 7.1.1.5 Ensure that Network Security Group Flow logs are captured and sent to Log Analytics (Manual) | | | 1 | |
| 💼 7.1.1.6 Ensure that logging for Azure AppService 'HTTP logs' is enabled (Automated) | | | 1 | |
| 💼 7.1.1.7 Ensure that virtual network flow logs are captured and sent to Log Analytics (Manual) | | | 1 | |
| 💼 7.1.1.8 Ensure that a Microsoft Entra diagnostic setting exists to send Microsoft Graph activity logs to an appropriate destination (Manual) | | | 1 | |
| 💼 7.1.1.9 Ensure that a Microsoft Entra diagnostic setting exists to send Microsoft Entra activity logs to an appropriate destination (Manual) | | | 1 | |
| 💼 7.1.1.10 Ensure that Intune logs are captured and sent to Log Analytics (Manual) | | | 1 | |
| 💼 7.1.2 Monitoring using Activity Log Alerts | 11 | | | |
| 💼 7.1.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment (Automated) | | | 1 | |
| 💼 7.1.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment (Automated) | | | 1 | |
| 💼 7.1.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group (Automated) | | | 1 | |
| 💼 7.1.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group (Automated) | | | 1 | |
| 💼 7.1.2.5 Ensure that Activity Log Alert exists for Create or Update Security Solution (Automated) | | | 1 | |
| 💼 7.1.2.6 Ensure that Activity Log Alert exists for Delete Security Solution (Automated) | | | 1 | |
| 💼 7.1.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule (Automated) | | | 1 | |
| 💼 7.1.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule (Automated) | | | 1 | |
| 💼 7.1.2.9 Ensure that Activity Log Alert exists for Create or Update Public IP Address rule (Automated) | | | 1 | |
| 💼 7.1.2.10 Ensure that Activity Log Alert exists for Delete Public IP Address rule (Automated) | | | 1 | |
| 💼 7.1.2.11 Ensure that an Activity Log Alert exists for Service Health (Automated) | | | 1 | |
| 💼 7.1.3 Configuring Application Insights | 1 | | | |
| 💼 7.1.3.1 Ensure Application Insights are Configured (Automated) | | | 1 | |
| 💼 7.1.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it (Manual) | | | 1 | |
| 💼 7.1.5 Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads) (Manual) | | | 1 | |
| 💼 7.2 Ensure that Resource Locks are set for Mission-Critical Azure Resources (Manual) | | | 1 | |