Reputation: 75
The following blocks in the policy rule don't match the ARM template. Azure policy to ensure that function app logs are sent to a Log Analytics workspace via diagnostic settings.
{
  "field": "type",
  "equals": "Microsoft.Insights/diagnosticSettings"
},
{
  "field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
  "exists": "false"
}
Upvotes: 0
Views: 1784
Reputation: 5512
That's correct, the Azure Policy definition structure is different from the ARM template syntax in a few ways.
There isn't a policy already available that performs the exact ask, but there are some built-in policies for Azure Monitor that you can reference and customize in order to satisfy your requirement:
Audit diagnostic setting: Audit diagnostic setting for any of the selected resource types (Source).
Note that for the AuditIfNotExists effect in the policy, for new and updated resources, Azure Policy adds a Microsoft.Authorization/policies/audit/action operation to the activity log and only marks the resource as non-compliant.
Deploy Diagnostic Settings to Log Analytics workspace: Deploys the diagnostic settings for Batch Account to stream to a regional Log Analytics workspace (Source). This policy has the DeployIfNotExists effect on resources.
This is another simple policy that demonstrates working with Azure Functions.
Upvotes: 0
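An added example, not part of the answer above and not a built-in policy: a custom definition that follows the AuditIfNotExists pattern the answer refers to. The "if" block matches the function app itself, and the diagnostic setting is checked as a related resource under "then.details", which is where the blocks from the question belong. The Microsoft.Web/sites and "functionapp" match, the Microsoft.Insights/diagnosticSettings/workspaceId alias check, and the parameter name logAnalytics are assumptions made for this example.

```json
{
  "properties": {
    "displayName": "Example: audit function apps without diagnostic logs sent to Log Analytics",
    "description": "Added example, not a built-in policy. The parameter name 'logAnalytics' is an assumption.",
    "mode": "Indexed",
    "parameters": {
      "logAnalytics": {
        "type": "String",
        "metadata": {
          "displayName": "Log Analytics workspace resource ID"
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          { "field": "type", "equals": "Microsoft.Web/sites" },
          { "field": "kind", "contains": "functionapp" }
        ]
      },
      "then": {
        "effect": "AuditIfNotExists",
        "details": {
          "type": "Microsoft.Insights/diagnosticSettings",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
                "equals": "true"
              },
              {
                "field": "Microsoft.Insights/diagnosticSettings/workspaceId",
                "equals": "[parameters('logAnalytics')]"
              }
            ]
          }
        }
      }
    }
  }
}
```

With this shape a function app is reported non-compliant when no diagnostic setting on it satisfies the existenceCondition, so the audit result points at the app that is missing log forwarding rather than at a diagnostic setting resource.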