policyAssignments/CAF-ManagementMG-Default.json

{
    "nodeName": "/Management/",
    "scope": {
        "tenant1": [
            "/providers/Microsoft.Management/managementGroups/management"
        ]
    },
    "children": [
        {
            "nodeName": "Logging/",
            "children": [
                {
                    "nodeName": "ActivityLogs",
                    "assignment": {
                        "name": "Deploy-Log-Analytics",
                        "displayName": "Configure Log Analytics workspace and automation account to centralize logs and monitoring",
                        "description": "Deploy resource group containing Log Analytics workspace and linked automation account to centralize logs and monitoring. The automation account is a prerequisite for solutions like Updates and Change Tracking."
                    },
                    "definitionEntry": {
                        "policyId": "/providers/Microsoft.Authorization/policyDefinitions/8e3e61b3-0b32-22d5-4edf-55f87fdb5955"
                    },
                    "parameters": {
                        "rgName": "",
                        "workspaceName": "",
                        "workspaceRegion": "",
                        "automationAccountName": "",
                        "automationRegion": "",
                        "dataRetention": ""
                    },
                    "nonComplianceMessages": [
                        {
                            "message": "Log Analytics workspace and automation account must be configured to centralize logs and monitoring."
                        }
                    ]
                }
            ]
        }
    ]
}