Channel: Azure Management Portal forum
Alert on Azure policy incompliance status from activity log?

Is there a way to get compliance info from the activity log for easy alerting on incompliance of resources (or at least resource groups) for a specific Policy or initiative?

I noticed there are Audit events in the activity log on RGs for incompliant policies and initiatives (Warning level). Looking at the properties of these events, they seem to be bundled for results from multiple Policies/Initiatives.

Typically RGs will have multiple policies/initiatives assigned, for example the default ASC policy (which contains many controls), and additional company assigned policies.

For example: Resource Group RG1

1) Default ASC Policy initiative (many controls, many incompliant @ RG level)

2) Company Policy initiative (with all controls relevant to us)

By default, RG1 will almost always be incompliant on one or more controls in the ASC default set. It looks like the activity log does not provide a separate entry for each specific policy/initiative, which makes it impossible for the owner of RG1 to alert specifically on incompliance of that policy.

The only workaround I see would be a Log Analytics alert (querying for the policyID in the audit event), but it would make much more sense to be able to alert on that using a native activity log alert, maybe even integrate a "Create Alert" button directly from the compliance results for a specific policy/initiative.
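The filtering that the Log Analytics workaround above has to perform, shown as an added example that is not part of the original post: unpack the bundled policy list of each audit event and keep only the entries that belong to one initiative. The event layout (`operationName`, a JSON-encoded `properties.policies` array with `policySetDefinitionName`, `policyDefinitionName` and `policyAssignmentName`) is assumed from the Activity Log schema for policy events; the initiative names, subscription ID and events are constructed.

```python
import json

# Operation name of policy audit events (assumed from the Activity Log schema).
AUDIT_OP = "Microsoft.Authorization/policies/audit/action"
# Constructed resource ID for the RG1 example in the post.
RG1 = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/RG1"

def make_event(op, policies):
    # Builds a constructed sample event; "policies" is stored as a JSON string.
    return {"operationName": op, "level": "Warning", "resourceId": RG1,
            "properties": {"policies": json.dumps(policies)}}

# Constructed sample data: one bundled event, one ASC-only event, one unrelated.
SAMPLE_EVENTS = [
    make_event(AUDIT_OP, [
        {"policySetDefinitionName": "asc-default-example",
         "policyDefinitionName": "asc-control-1",
         "policyAssignmentName": "asc-assignment"},
        {"policySetDefinitionName": "company-initiative-example",
         "policyDefinitionName": "company-control-7",
         "policyAssignmentName": "company-assignment"},
    ]),
    make_event(AUDIT_OP, [
        {"policySetDefinitionName": "asc-default-example",
         "policyDefinitionName": "asc-control-2",
         "policyAssignmentName": "asc-assignment"},
    ]),
    make_event("Microsoft.Resources/deployments/write", []),
]

def findings_for_initiative(events, initiative_name):
    """Return (resourceId, policy, assignment) for one initiative only."""
    wanted = initiative_name.lower()
    findings = []
    for ev in events:
        if str(ev.get("operationName", "")).lower() != AUDIT_OP.lower():
            continue  # not a policy audit event
        raw = ev.get("properties", {}).get("policies", "[]")
        try:
            policies = json.loads(raw) if isinstance(raw, str) else raw
        except json.JSONDecodeError:
            continue  # malformed bundle: skip instead of failing the whole run
        for p in policies:
            if str(p.get("policySetDefinitionName", "")).lower() == wanted:
                findings.append((ev.get("resourceId"),
                                 p.get("policyDefinitionName"),
                                 p.get("policyAssignmentName")))
    return findings

if __name__ == "__main__":
    for row in findings_for_initiative(SAMPLE_EVENTS, "company-initiative-example"):
        print(row)
```

An alert rule for the owner of RG1 would fire on a non-empty result for the company initiative and ignore the ASC default entries carried in the same event.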