Support allLog diagnostic settings category group in Azure Policies

[SenthuranSivananthan]

Category groups are a collection of different logs to help you achieve different monitoring goals. These groups are defined dynamically and Microsoft may add or remove categories as the product evolves, resulting in new charges.

Instead of specifying each log category separately, use the allLogs to ensure new categories added to diagnostic settings are automatically included.

Option in Azure Portal:

[SenthuranSivananthan]

Will use updated diagnostic script from Jim Britt. Waiting for PR to merge: JimGBritt/AzurePolicy#40

[SenthuranSivananthan]

Looks like with Category Groups, all categories need to be selected for a policy to be considered compliant.

Steps to reproduce:

1. Created an Automation Account, generated policy via Create-AzDiagPolicy.ps1 and deployed.
2. Create a new Automation Account and wait for DINE effect
3. Run a compliance scan via az policy state trigger-scan --subscription sub_id

Observations:

For Automation Account, both allLogs and audit needs to be selected.

Automation Account Diagnostic Settings

Policy compliance failure reason

---

Policy is only compliant when both category groups are selected.

[SenthuranSivananthan]

Cleared milestone until this feature is formally released.

[SenthuranSivananthan]

We will revisit this issue if there's a need to support allLogs category and there's a consistent way to enable using built-in policies.