Policy: Azure > CIS v5.0 > 6 - Management and Governance Services > 6.01 - Logging and Monitoring > 6.01.04 - Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it > Attestation

By setting this policy, you attest that you have manually verified that it complies with the relevant section of the CIS Benchmark. From Azure Portal To enable Resource Logging for supported services: 1. Navigate to the specific Azure resource 2. Under Monitoring, click on Diagnostic settings 3. Click + Add diagnostic setting 4. Enter a Diagnostic setting name 5. Select the appropriate log categories and metrics 6. Choose your destination (Log Analytics workspace, Storage account, Event Hub, or Partner solution) 7. Click Save Note: Repeat for all resources that support diagnostic settings. From Azure CLI az monitor diagnostic-settings create --resource <resource-id> --name <setting-name> --workspace <log-analytics-workspace-id> --logs '[{"category": "<category>","enabled": true}]' --metrics '[{"category": "AllMetrics","enabled": true}]' Once verified, enter the date that this attestation expires. Note that the date can not be further in the future than is specified in report level Maximum Attestation Duration policy. Set to a blank value to clear the attestation.