1. Login to the Azure portal (https://portal.azure.com/).
2. Go to the Azure Active Directory service.
3. Select the “Audit logs” option under the Monitoring section.
4. In the Audit logs blade, click on the “Diagnostic settings” option.
5. Select the diagnostic setting that needs to be remediated.
6. In the “Diagnostic settings” blade, scroll down to the “Categories” section.
7. In the “Categories” section, ensure that the “AuditLogs” option is selected.
8. Under the “AuditLogs” option, select the “Select specific actions” radio button.
9. In the “Select specific actions” section, ensure that all the required AuditActionGroups are selected.
10. Click on the “Save” button to save the changes.

​

1. Open the AZURE CLI on your local machine or use the AZURE Cloud Shell.
2. Run the following command to get the current configuration of AuditActionGroups:
   Copy

   Ask AI

   az monitor activity-log list --query [].categories.actionGroups
   

3. Check the output of the above command to see if AuditActionGroups are set properly. If not, proceed to the next step.
4. Run the following command to set the AuditActionGroups:
   Copy

   Ask AI

   az monitor activity-log update --set categories.actionGroups=<comma separated list of action groups>
   

   Replace <comma separated list of action groups> with the appropriate list of action groups. For example, if you want to set the AuditActionGroups to “Write”, “Delete”, and “Action”, the command would be:
   Copy

   Ask AI

   az monitor activity-log update --set categories.actionGroups=Write,Delete,Action
   

5. Verify the configuration by running the first command again:
   Copy

   Ask AI

   az monitor activity-log list --query [].categories.actionGroups
   

   The output should now show the updated list of AuditActionGroups.

1. Import the necessary libraries:

from azure.identity import DefaultAzureCredential
from azure.mgmt.monitor import MonitorManagementClient

2. Set the credentials:

credential = DefaultAzureCredential()
subscription_id = '<Your Subscription ID>'

3. Initialize the MonitorManagementClient:

monitor_client = MonitorManagementClient(credential, subscription_id)

4. Get the existing AuditActionGroups:

audit_action_groups = monitor_client.activity_log_alerts.list_action_groups(resource_group_name='<Your Resource Group Name>', action_group_name='<Your Action Group Name>')

5. Update the AuditActionGroups:

updated_audit_action_groups = [
    {
        "id": "/subscriptions/<Your Subscription ID>/resourceGroups/<Your Resource Group Name>/providers/microsoft.insights/actionGroups/<Your Action Group Name>",
        "action_group_type": "CustomEmail/SMS/Push/Voice",
        "short_name": "<Your Short Name>",
        "email_receivers": [
            {
                "name": "<Your Email Name>",
                "email_address": "<Your Email Address>",
                "use_common_alert_schema": True
            }
        ]
    }
]

monitor_client.action_groups.create_or_update(resource_group_name='<Your Resource Group Name>', action_group_name='<Your Action Group Name>', parameters=updated_audit_action_groups)

6. Verify the updated AuditActionGroups:

updated_audit_action_groups = monitor_client.activity_log_alerts.list_action_groups(resource_group_name='<Your Resource Group Name>', action_group_name='<Your Action Group Name>')