Generate Azure Policy Compliance Alerts By Sending Custom Data to Log Analytics - Part 2

Microsoft

Aug 02, 2024

I do not have this lab running at the moment, but I do not recall seeing an Enterprise App in my Identity tenant. I am not sure if that is related to this solution. I see yours is dated in 2020.

Based on the error you posted, I would first look at the scope part of it. You mentioned that you setup the EventGrid at the MG level. How did you do that? The templates/code was written to deploy EventGrid to the Subscription so maybe you need to adjust the scope in the code so that the EG Subscription knows how to find the EG. The error indicates an error trying to access the eventGridFilters, which is where the code sets the subscription to event types of "Microsoft.PolicyInsights.PolicyStateChanged" and "

Microsoft.PolicyInsights.PolicyStateCreated". The EG and Subscription are created in the code in the template "\event-grid\main.bicep". The Subscription ID is in the parameter "egSubscriptionSource".

If everything looks ok with the scope, then I would focus on Access Control Roles. Maybe the account running this code does not have the proper RBAC roles at the MG level. I would give that a check as well.

Based on the information you provided, that is where I would look first. We did not test this code to deploy at the MG level so I cannot validate if there are any other adjustments required, but in theory it should work with the right adjustments.

Blog Post

Generate Azure Policy Compliance Alerts By Sending Custom Data to Log Analytics - Part 2 - Automated