Verify that Network Watcher is 'Enabled' for all locations in the Azure subscription
Why this matters
Azure Network Watcher provides diagnostic and logging capabilities that are essential for investigating network issues and monitoring traffic. Without Network Watcher enabled in regions where resources are deployed, security teams may lose visibility into key network activities and face blind spots in their forensic investigations or compliance audits.
What this check does
This Auto Check verifies that Network Watcher is provisioned and successfully enabled (provisioningState = Succeeded
) in every Azure region where resources are deployed.
Check Logic:
Passes if:
- Network Watcher exists in every in-use Azure region
- Each Network Watcher has
provisioningState = Succeeded
Fails if:
- Any in-use Azure region lacks a Network Watcher
OR - Any Network Watcher has a
provisioningState β Succeeded
How to fix it
Azure Portal:
- Use the top search bar to find Network Watcher
- In the Overview tab, verify that each region in use has a Network Watcher listed
- If missing, click Create
- Select the required Region from the dropdown
- Click Add
Azure CLI:
az network watcher configure \
--locations <region-name> \
--enabled true \
--resource-group <resource-group-name>
PowerShell:
Get-AzNetworkWatcher
Ensure that each region in use has a watcher with ProvisioningState = Succeeded
. If missing, use:
New-AzNetworkWatcher `
-Name <watcher-name> `
-Location <region-name> `
-ResourceGroupName <resource-group-name>
Exceptions
None. Network Watcher must be active in all regions where resources are deployed.
- Further resources
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
https://learn.microsoft.com/en-us/cli/azure/network/watcher?view=azure-cli-latest
https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-create
https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-4-enable-network-logging-for-security-investigation
https://azure.microsoft.com/en-ca/pricing/details/network-watcher/