Azure policies - An activity log alert should exist for specific Security operations

MrFlinstone 706 Reputation points
2023-11-17T12:56:23.0233333+00:00

Looking at Azure policy and some benchmarks, one of the items that came up is

An activity log alert should exist for specific Security operations

I am not quite sure how to resolve it. I have got 2 subscriptions, and the policy is compliant on one of the subscriptions but not the other; however, in order to fix it, I would like to understand what needs to be done.


1 answer

  1. AnuragSingh-MSFT 21,561 Reputation points Moderator
    2023-11-20T09:40:01.09+00:00

    MrFlinstone, Thank you for reaching out to Microsoft Q&A.

    The compliance for this policy is based on the following policy definition - An activity log alert should exist for specific Security operation. When you click this link, it takes you to the definition page of this policy which is a built-in policy.

    It seems that you have assigned this policy to your subscription or that you have assigned an initiative containing this policy (an initiative is a collection of policies). The list of built-in initiatives and policies is available here - Azure Policy Regulatory Compliance controls for Azure Monitor.

    In your subscription, where this policy is shown as non-compliant, you will have to create an "Activity Log Alert Rule" for specific operations. To create it:

    1. Go to "Monitor" in Azure portal --> Alerts
    2. Select "+Create" --> "Alert rule" from this page's options.
    3. "Select Scope" as the subscription (select subscription and select "Apply" or "Done")
    4. Under conditions, click "See all Signals" and search for "Update security policy"
    5. Follow further steps to create alert.

    You may have to follow this step for the following 2 categories as well:

    • Create or Update Security Solutions (Security Solutions)
    • Delete Security Solutions (Security Solutions)

    I would suggest checking the activity log alert rule available in your compliant subscription and creating the activity log alert for the ones for which it is available to ensure compliance.

    Hope this helps.

    If the answer did not help, please add more context/follow-up question for it, and we will help you out. Else, if the answer helped, please click Accept answer so that it can help others in the community looking for help on similar topics.
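
Added example, not part of the answer above and not Microsoft's own code: a Python check over activity log alert rules exported as JSON (for instance from `az monitor activity-log alert list`) that reports which of the three Security operations named in the answer still lack an enabled, subscription-scoped alert. The operation name strings, the `Security` category, the rule field layout, the rule names and the placeholder subscription ID are assumptions to confirm against the policy definition and your own export.

```python
# Added example. Assumed operationName values for the three signals named in the
# answer; confirm them against the parameters of the built-in policy definition.
REQUIRED_OPS = {
    "Microsoft.Security/policies/write": "Update security policy",
    "Microsoft.Security/securitySolutions/write": "Create or Update Security Solutions",
    "Microsoft.Security/securitySolutions/delete": "Delete Security Solutions",
}
REQUIRED_CATEGORY = "Security"  # assumption: category the policy expects


def rule_covers(rule, subscription_id, operation):
    """True if `rule` is enabled, scoped to the subscription, and matches `operation`."""
    if not rule.get("enabled"):
        return False  # a disabled rule never fires
    wanted = f"/subscriptions/{subscription_id}".lower()
    scopes = [s.rstrip("/").lower() for s in rule.get("scopes") or []]
    if wanted not in scopes:
        return False  # e.g. scoped to a single resource group only
    conds = {}
    for c in (rule.get("condition") or {}).get("allOf") or []:
        if c.get("field") and c.get("equals"):
            conds[c["field"].lower()] = c["equals"].lower()
    return (conds.get("category") == REQUIRED_CATEGORY.lower()
            and conds.get("operationname") == operation.lower())


def missing_operations(rules, subscription_id):
    """Portal signal names that have no covering alert rule in `rules`."""
    return sorted(label for op, label in REQUIRED_OPS.items()
                  if not any(rule_covers(r, subscription_id, op) for r in rules))


# Constructed sample data (placeholder subscription ID, hypothetical rule names).
SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE_RULES = [
    {"name": "alert-update-security-policy", "enabled": True,
     "scopes": [f"/subscriptions/{SUB}"],
     "condition": {"allOf": [
         {"field": "category", "equals": "Security"},
         {"field": "operationName", "equals": "Microsoft.Security/policies/write"}]}},
    {"name": "alert-write-security-solution", "enabled": False,  # disabled
     "scopes": [f"/subscriptions/{SUB}"],
     "condition": {"allOf": [
         {"field": "category", "equals": "Security"},
         {"field": "operationName", "equals": "Microsoft.Security/securitySolutions/write"}]}},
]

if __name__ == "__main__":
    for name in missing_operations(SAMPLE_RULES, SUB):
        print("No enabled subscription-level alert for:", name)
```

To run it on real data, load the saved JSON export with `json.load` and pass the resulting list together with the subscription ID of the non-compliant subscription.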

