Description:

Create an activity log alert for the Create Policy Assignment event. This control ensures proactive monitoring and alerting for Azure Policy assignments, improving governance visibility, reducing security risk, and supporting compliance requirements.


Rationale:

Monitoring for create policy assignment events gives insight into changes made in "Azure policy - assignments" and can reduce the time it takes to detect unsolicited changes.


Impact:

Enabling an Activity Log Alert for policy assignment creation ensures real-time governance visibility, strengthens security monitoring, and supports compliance with regulatory and industry standards.


Default Value:

By default, Azure logs policy assignment events but does not generate alerts or notifications when a policy assignment is created unless an Activity Log Alert rule is explicitly configured.


Pre-requisites:

  1. Required permissions (Owner / Contributor / Monitoring Contributor).

  2. Azure Policy assignments are available in the subscription.

  3. Action Group is configured with at least one notification method.

Test Plan:

  1. Sign in to the Azure Portal at https://portal.azure.com

  2. Navigate to Monitor

  3. Select Alerts

  4. Open Alert rules

  5. Verify an Activity Log Alert exists for the operation Create policy assignment

  6. Verify the alert scope is set to the required subscription

  7. Verify that an Action Group is associated

  8. If no alert exists or the scope is incorrect, follow the implementation steps


Implementation Steps:

  1. Sign in to the Azure Portal at https://portal.azure.com

  2. Navigate to Monitor

  3. Select Alerts, click Create, and select Alert rule


  4. Under Scope, select the target subscription

  5. Under Condition, select Activity Log

  6. Set Category to Policy

  7. Under Condition, click See all signals, search for Operation name "Create policy assignment", and select the signal.

  8. Apply the condition

  9. Under Actions, select an existing Action Group or create a new one

  10. Under Details, select a resource group and provide an alert rule name

  11. Click Review + Create

  12. Click Create
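As an added example (not part of this benchmark text), the following Python script automates test-plan steps 5-7 over the JSON printed by `az monitor activity-log alert list --subscription <id> -o json`. It assumes the az CLI's flattened output shape (top-level scopes, enabled, condition.allOf, actions.actionGroups) and that the portal signal "Create policy assignment" corresponds to the ARM operation Microsoft.Authorization/policyAssignments/write; the sample rules at the bottom are constructed, not real tenant data.

```python
# Operation behind the portal signal "Create policy assignment" (assumed)
OPERATION = "microsoft.authorization/policyassignments/write"


def alert_covers_operation(alert: dict) -> bool:
    """True if an allOf condition pins operationName to the create op."""
    for cond in alert.get("condition", {}).get("allOf", []):
        if (cond.get("field", "").lower() == "operationname"
                and (cond.get("equals") or "").lower() == OPERATION):
            return True
    return False


def audit(alerts: list, subscription_id: str) -> dict:
    """Test-plan steps 5-7: a rule passes only if it matches the operation,
    is enabled, is scoped to the whole subscription and has an Action Group."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    findings = []
    for alert in alerts:
        if not alert_covers_operation(alert):
            continue  # unrelated rule
        problems = []
        if not alert.get("enabled", False):
            problems.append("disabled")
        if sub_scope not in [s.lower() for s in alert.get("scopes", [])]:
            problems.append("not scoped to subscription")
        if not alert.get("actions", {}).get("actionGroups"):
            problems.append("no action group")
        if not problems:
            return {"compliant": alert.get("name"), "findings": findings}
        findings.append(f"{alert.get('name')}: {', '.join(problems)}")
    return {"compliant": None, "findings": findings}


# Constructed sample, not real tenant data: a rule scoped to one resource
# group (fails step 6) and a rule that meets all three checks.
SUB = "SUB-ID-PLACEHOLDER"
AG = f"/subscriptions/{SUB}/resourceGroups/rg1/providers/microsoft.insights/actionGroups/ag1"
COND = {"allOf": [{"field": "category", "equals": "Administrative"},
                  {"field": "operationName",
                   "equals": "Microsoft.Authorization/policyAssignments/write"}]}
SAMPLE = [
    {"name": "policy-rg-only", "enabled": True, "condition": COND,
     "scopes": [f"/subscriptions/{SUB}/resourceGroups/rg1"],
     "actions": {"actionGroups": [{"actionGroupId": AG}]}},
    {"name": "policy-assignment-created", "enabled": True, "condition": COND,
     "scopes": [f"/subscriptions/{SUB}"],
     "actions": {"actionGroups": [{"actionGroupId": AG}]}},
]

if __name__ == "__main__":
    print(audit(SAMPLE, SUB))
```

A rule that exists but is disabled, or that is scoped to a single resource group, is reported as a finding rather than counted as passing.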


Backout Plan:

  1. Sign in to the Azure Portal at https://portal.azure.com

  2. Navigate to Monitor

  3. Select Alerts

  4. Open Alert rules

  5. Locate the Activity Log Alert for "Create policy assignment"

  6. Delete the alert rule

  7. Confirm the deletion


References: