Scripts/CloudAdoptionFramework/policyAssignments/ALZ-Management-Default.jsonc (37 lines of code) (raw):
// EPAC policy assignment file for the "/Management/" node. It assigns one policy,
// "Deploy-Log-Analytics", which covers the Log Analytics workspace and linked automation
// account used to centralize logs and monitoring.
// This file is JSONC: the // comments need a comment-tolerant parser and are not valid strict JSON.
{
"$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-assignment-schema.json",
"nodeName": "/Management/",
// Scope is keyed by EPAC environment name; each key lists the management groups the assignment applies to.
"scope": {
"tenant1": [ // Replace with your EPAC environment name and validate the management group listed below exists
"/providers/Microsoft.Management/managementGroups/management"
]
},
// Parameter values for the assignment. All five ship as empty placeholders and must be
// filled in before this file is deployed.
// NOTE(review): the resource group named here will hold the central log workspace, so access
// to it should be limited to the teams that operate logging and monitoring.
"parameters": {
"workspaceRegion": "", // Replace with your primary region
"automationRegion": "", // Replace with your primary region
"rgName": "", // Replace with a unique resource group name
"automationAccountName": "", // Replace with an automation account name
"workspaceName": "" // Replace with a Log Analytics workspace name
},
"children": [
{
"nodeName": "Automation",
// NOTE(review): with "DoNotEnforce" the policy effect is not applied automatically, so this
// assignment alone does not guarantee that a central workspace exists. Confirm that one is
// already in place, or switch to "Default" (or run a remediation task) once the parameters
// above are set.
"enforcementMode": "DoNotEnforce", // This assignment is not enforced by default in case an automation account or Log Analytics workspace already exists
"assignment": {
"name": "Deploy-Log-Analytics",
"displayName": "Configure Log Analytics workspace and automation account to centralize logs and monitoring",
"description": "Deploy resource group containing Log Analytics workspace and linked automation account to centralize logs and monitoring. The automation account is a prerequisite for solutions like Updates and Change Tracking."
},
// The policy definition is referenced by its provider-level ID, with no management group or
// subscription prefix in the path.
"definitionEntry": {
"policyId": "/providers/Microsoft.Authorization/policyDefinitions/8e3e61b3-0b32-22d5-4edf-55f87fdb5955",
"displayName": "Configure Log Analytics workspace and automation account to centralize logs and monitoring",
"nonComplianceMessages": [
{
// presumably null because this entry is a single policy rather than a policy set; verify against the EPAC schema
"policyDefinitionReferenceId": null,
"message": "Log Analytics workspace and automation account should be configured to centralize logs and monitoring."
}
]
}
}
]
}