Enable diagnostic logging of Azure Activity to central (T1) log analytics workspace #373

Closed
shawngib opened this issue Aug 27, 2021 · 0 comments · Fixed by #412
Labels
NIST Policy Issues related NIST 800-53 compliance

Benefit/Result/Outcome

  • To meet SCCA requirements, admins will need the ability to ensure/audit central logging capabilities of all MLZ resources and resource groups, including activity logs.

Description
Azure activities are a record of what and who acted against resources in Azure, which is required by SCCA. SCCA also requires central logging be enabled; while Activity Logs are central to a subscription, they are not inclusive of all other logs, so they are yet a separate view/data store into required logs. Using diagnostic settings that are set/audited via policy to send these logs to the T1 LA workspace, which also will hold all other logs, will centralize logging. This can also include sending to storage for warm access to telemetry and eventually off-loaded to on-prem, which is a requirement of SCCA for cold storage.

Acceptance Criteria

  • Policy added to deployment which creates the activity log diagnostic setting
  • Policy assigned
  • Remediation created for policy which will run the deploy if not exist task on existing activity log.
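
An added example, not part of the original issue or the project's code: an offline audit of the condition the acceptance criteria aim for, namely that each subscription's Activity Log diagnostic settings send every log category to the central T1 workspace. The workspace ID, tier names and sample settings are constructed placeholders, and the input is assumed to follow the subscription-level `Microsoft.Insights/diagnosticSettings` JSON shape.

```python
# Added example; the workspace ID, tier names and settings below are constructed.
ACTIVITY_CATEGORIES = frozenset({
    "Administrative", "Security", "ServiceHealth", "Alert",
    "Recommendation", "Policy", "Autoscale", "ResourceHealth",
})

# Hypothetical central (T1) Log Analytics workspace resource ID.
T1_WS = ("/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/"
         "rg-t1-logging/providers/Microsoft.OperationalInsights/workspaces/law-t1")


def audit_subscription(settings, central_workspace_id):
    """Return (compliant, missing_categories) for one subscription's settings."""
    target = central_workspace_id.lower()  # ARM resource IDs are case-insensitive
    covered = set()
    for setting in settings:
        # Assumption: accept either a nested "properties" object or a flat dict.
        props = setting.get("properties", setting)
        if (props.get("workspaceId") or "").lower() != target:
            continue  # goes to storage only, or to some other workspace
        for log in props.get("logs", []):
            if log.get("enabled") and log.get("category") in ACTIVITY_CATEGORIES:
                covered.add(log["category"])
    missing = sorted(ACTIVITY_CATEGORIES - covered)
    return (not missing, missing)


def audit_all(by_subscription, central_workspace_id):
    """Audit a {subscription label: [diagnostic settings]} mapping."""
    return {name: audit_subscription(settings, central_workspace_id)
            for name, settings in by_subscription.items()}


ALL_ON = [{"category": c, "enabled": True} for c in sorted(ACTIVITY_CATEGORIES)]
SAMPLE = {  # constructed sample data
    "tier0": [{"name": "activity-to-t1",
               "properties": {"workspaceId": T1_WS, "logs": ALL_ON}}],
    "tier2": [{"name": "partial",
               "properties": {"workspaceId": T1_WS.upper(), "logs": [
                   {"category": "Administrative", "enabled": True},
                   {"category": "Security", "enabled": False}]}}],
    "tier3": [{"name": "storage-only",
               "properties": {"storageAccountId": "<placeholder>", "logs": ALL_ON}}],
}

if __name__ == "__main__":
    for name, (ok, missing) in audit_all(SAMPLE, T1_WS).items():
        print(name, "compliant" if ok else "missing: " + ", ".join(missing))
```

A subscription that fails this check is one the deploy-if-not-exists remediation would still need to run against.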