turbot/azure_compliance


Query: monitor_log_profile_enabled_for_all_regions

Usage

steampipe query azure_compliance.query.monitor_log_profile_enabled_for_all_regions

SQL

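-- Control query: reports, for each Azure Monitor log profile, whether its
-- log_event_location contains "global" plus every region named below.
--
-- Review caveats:
--   * The region list is a hard-coded snapshot. A region that is not named
--     here is not checked, so 'ok' means "covers the listed locations", not
--     "covers every region Azure offers today". Keep the list in sync with
--     the regions the tenant can deploy to.
--   * Rows are driven from azure_log_profile, so a subscription that has no
--     log profile returns no row and therefore no alarm. An empty result is
--     not evidence of coverage; confirm separately that a profile exists.
with profile_coverage as (
  select
    p.id,
    p.name,
    p.resource_group,
    p.subscription_id,
    -- Containment is evaluated once so status and reason cannot drift apart.
    -- A null log_event_location makes @> yield null; coalesce maps that to
    -- false so the profile still lands in the alarm branch.
    coalesce(
      p.log_event_location @> '[
        "global",
        "australiacentral", "australiacentral2", "australiaeast", "australiasoutheast",
        "brazilsouth", "brazilsoutheast",
        "canadacentral", "canadaeast",
        "centralindia", "centralus",
        "eastasia", "eastus", "eastus2",
        "francecentral", "francesouth",
        "germanynorth", "germanywestcentral",
        "japaneast", "japanwest",
        "jioindiawest",
        "koreacentral", "koreasouth",
        "northcentralus", "northeurope",
        "norwayeast", "norwaywest",
        "southafricanorth", "southafricawest",
        "southcentralus", "southeastasia", "southindia",
        "switzerlandnorth", "switzerlandwest",
        "uaecentral", "uaenorth",
        "uksouth", "ukwest",
        "westcentralus", "westeurope", "westindia",
        "westus", "westus2", "westus3"
      ]',
      false
    ) as covers_all_regions
  from
    azure_log_profile as p
)
select
  c.id as resource,
  case
    when c.covers_all_regions then 'ok'
    else 'alarm'
  end as status,
  case
    when c.covers_all_regions then c.name || ' collects activity logs from all regions.'
    else c.name || ' does not collect activity logs from all regions.'
  end as reason,
  c.resource_group as resource_group,
  sub.display_name as subscription
from
  profile_coverage as c
  -- left join: a profile is still reported when no matching subscription row
  -- is found; the subscription column is then null.
  left join azure_subscription as sub on sub.subscription_id = c.subscription_id;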

Controls

The query is being used by the following controls: