Diagnostic logs in Batch accounts should be enabled

[BenjaminEngeset]

Rule request

Suggested rule change

Diagnostic logs in Batch accounts should be enabled.

Enable logs and retain them for up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised.

This is actually an official Defender for Cloud recommendation.

Security pillar for this one.

Applies to the following

The rule applies to the following:

• Resource type: [Microsoft.Batch/batchAccounts]

Additional context

Diagnostic logs in Batch accounts should be enabled Template reference