We deploy a strategy that calls for Azure Logic Apps telemetry to be enabled when building a production Azure Logic App. We use this data to drive a Power BI – Integration Health Dashboard. If we aren’t publishing the data to Log Analytics, then we don’t have an accurate dashboard. Since this behavior of the logic app is rather silent, it is easy to forget to configure it. Since we can automate processes in Azure Logic Apps, we decided to automate the governance of this feature using Azure Logic Apps.

Initially we went down the path of trying to use the ARM connector to detect this but that didn’t work out for us. The data isn’t there. But, after some help from Divya and Derek from the Logic Apps Product Group, we were able to figure this out.

Step 1 – The Logic App that is going to run needs access to other logic apps through the Azure Management API. To do this we want to create a Managed Service Identity. This can be achieved by clicking on the Identity link in the logic app left nav.

Step 2 – We need to provide read access for our logic app so that it can read the contents of our other Logic Apps. The best way to do this is to assign it at the Resource Group that our production logic apps live in.

Step 3 – Within our governance logic app we need to configure an HTTP action that uses Managed Identity as the Authentication scheme and calls the Azure Management API. The URL that we will construct looks like this:

https://management.azure.com/subscriptions/<subscription id>/resourcegroups/<resource group>/providers/microsoft.logic/workflows/<Logic App Name>/providers/microsoft.insights/diagnosticSettings?api-version=2017-05-01-preview

If an empty result {} is returned, that means that diagnostic settings have not been established. Otherwise we will receive a payload that includes the workspaceId of our Log Analytics instance.